Index: third_party/tlslite/tlslite/handshakesettings.py |
diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py |
index 2e9e06d7ff723cf562cfdf3cbc5feb0174e7dcb4..2f11aaa65afd5af8512bf4e5d8ae9a944cf60c96 100644 |
--- a/third_party/tlslite/tlslite/handshakesettings.py |
+++ b/third_party/tlslite/tlslite/handshakesettings.py |
@@ -11,11 +11,9 @@ from .constants import CertificateType |
from .utils import cryptomath |
from .utils import cipherfactory |
-# RC4 is preferred as faster in Python, works in SSL3, and immune to CBC |
-# issues such as timing attacks |
davidben
2015/01/25 02:43:41
This and similar comments removed because I'm pret
|
-CIPHER_NAMES = ["rc4", "aes256", "aes128", "3des"] |
-MAC_NAMES = ["sha", "sha256"] # Don't allow "md5" by default. |
-ALL_MAC_NAMES = ["sha", "sha256", "md5"] |
+CIPHER_NAMES = ["aes128gcm", "rc4", "aes256", "aes128", "3des"] |
+MAC_NAMES = ["sha", "sha256", "aead"] # Don't allow "md5" by default. |
+ALL_MAC_NAMES = MAC_NAMES + ["md5"] |
KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"] |
CIPHER_IMPLEMENTATIONS = ["openssl", "pycrypto", "python"] |
CERTIFICATE_TYPES = ["x509"] |
@@ -42,7 +40,7 @@ class HandshakeSettings(object): |
The default is 8193. |
@type cipherNames: list |
- @ivar cipherNames: The allowed ciphers, in order of preference. |
+ @ivar cipherNames: The allowed ciphers. |
The allowed values in this list are 'aes256', 'aes128', '3des', and |
'rc4'. If these settings are used with a client handshake, they |
@@ -68,8 +66,7 @@ class HandshakeSettings(object): |
@type certificateTypes: list |
- @ivar certificateTypes: The allowed certificate types, in order of |
- preference. |
+ @ivar certificateTypes: The allowed certificate types. |
The only allowed certificate type is 'x509'. This list is only used with a |
client handshake. The client will advertise to the server which certificate |
@@ -197,10 +194,6 @@ class HandshakeSettings(object): |
if not other.maxVersion in ((3,0), (3,1), (3,2), (3,3)): |
raise ValueError("maxVersion set incorrectly") |
- if other.maxVersion < (3,3): |
- # No sha256 pre TLS 1.2 |
- other.macNames = [e for e in self.macNames if e != "sha256"] |
davidben
2015/01/25 02:43:41
Moved to constants.py to handle the server end too
|
- |
return other |
def _getCertificateTypes(self): |