Index: third_party/tlslite/tlslite/constants.py |
diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py |
index 457b33934de98c8e8e49d1f8d26944ce0ffd59bd..7ee70be720e2611acedaeeb790ff4534e1f16ffe 100644 |
--- a/third_party/tlslite/tlslite/constants.py |
+++ b/third_party/tlslite/tlslite/constants.py |
@@ -4,6 +4,7 @@ |
# Google (adapted by Sam Rushing) - NPN support |
# Dimitris Moraitis - Anon ciphersuites |
# Dave Baggett (Arcode Corporation) - canonicalCipherName |
+# Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
# |
# See the LICENSE file for legal information regarding use of this file. |
@@ -57,6 +58,20 @@ class ExtensionType: # RFC 6066 / 4366 |
tack = 0xF300 |
supports_npn = 13172 |
channel_id = 30032 |
+ |
+class HashAlgorithm: |
+ none = 0 |
+ md5 = 1 |
+ sha1 = 2 |
+ sha224 = 3 |
+ sha256 = 4 |
+ sha384 = 5 |
+ |
+class SignatureAlgorithm: |
+ anonymous = 0 |
+ rsa = 1 |
+ dsa = 2 |
+ ecdsa = 3 |
class NameType: |
host_name = 0 |
@@ -128,7 +143,7 @@ class CipherSuite: |
# prevents renegotiation attacks |
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF |
- # draft-bmoeller-tls-downgrade-scsv-01 |
+ # draft-ietf-tls-downgrade-scsv-03 |
TLS_FALLBACK_SCSV = 0x5600 |
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A |
@@ -154,6 +169,12 @@ class CipherSuite: |
TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 |
TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A |
+ TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C |
+ TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D |
+ |
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067 |
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B |
+ |
tripleDESSuites = [] |
tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
@@ -166,13 +187,17 @@ class CipherSuite: |
aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
+ aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) |
+ aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) |
aes256Suites = [] |
aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
- aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
+ aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
+ aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) |
+ aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) |
rc4Suites = [] |
rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) |
@@ -195,6 +220,13 @@ class CipherSuite: |
shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
+ sha256Suites = [] |
+ sha256Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) |
+ sha256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) |
+ sha256Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) |
+ sha256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) |
+ |
+ |
md5Suites = [] |
md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) |
@@ -206,6 +238,8 @@ class CipherSuite: |
macSuites = [] |
if "sha" in macNames: |
macSuites += CipherSuite.shaSuites |
+ if "sha256" in macNames: |
+ macSuites += CipherSuite.sha256Suites |
if "md5" in macNames: |
macSuites += CipherSuite.md5Suites |
@@ -235,33 +269,35 @@ class CipherSuite: |
s in cipherSuites and s in keyExchangeSuites] |
srpSuites = [] |
- srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
- srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
+ srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
+ srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
@staticmethod |
def getSrpSuites(settings): |
return CipherSuite._filterSuites(CipherSuite.srpSuites, settings) |
srpCertSuites = [] |
- srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
- srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
+ srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
+ srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
@staticmethod |
def getSrpCertSuites(settings): |
return CipherSuite._filterSuites(CipherSuite.srpCertSuites, settings) |
- srpAllSuites = srpCertSuites + srpSuites |
+ srpAllSuites = srpSuites + srpCertSuites |
@staticmethod |
def getSrpAllSuites(settings): |
return CipherSuite._filterSuites(CipherSuite.srpAllSuites, settings) |
certSuites = [] |
- certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
- certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
+ certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA256) |
+ certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA256) |
certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
+ certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
+ certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
certSuites.append(TLS_RSA_WITH_RC4_128_SHA) |
certSuites.append(TLS_RSA_WITH_RC4_128_MD5) |
@@ -270,9 +306,11 @@ class CipherSuite: |
return CipherSuite._filterSuites(CipherSuite.certSuites, settings) |
dheCertSuites = [] |
- dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
- dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
+ dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) |
+ dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) |
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA) |
+ dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA) |
+ dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) |
@staticmethod |
def getDheCertSuites(settings): |
@@ -281,8 +319,8 @@ class CipherSuite: |
certAllSuites = srpCertSuites + certSuites + dheCertSuites |
anonSuites = [] |
- anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
+ anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
@staticmethod |
def getAnonSuites(settings): |