public virtual IDictionary GetClientExtensions()
    {
        IDictionary     dictionary    = null;
        ProtocolVersion clientVersion = mContext.ClientVersion;

        if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
        {
            mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
            dictionary = TlsExtensionsUtilities.EnsureExtensionsInitialised(dictionary);
            TlsUtilities.AddSignatureAlgorithmsExtension(dictionary, mSupportedSignatureAlgorithms);
        }
        if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites()))
        {
            mNamedCurves = new int[2]
            {
                23,
                24
            };
            mClientECPointFormats = new byte[3]
            {
                0,
                1,
                2
            };
            dictionary = TlsExtensionsUtilities.EnsureExtensionsInitialised(dictionary);
            TlsEccUtilities.AddSupportedEllipticCurvesExtension(dictionary, mNamedCurves);
            TlsEccUtilities.AddSupportedPointFormatsExtension(dictionary, mClientECPointFormats);
        }
        return(dictionary);
    }
Beispiel #2
0
        public virtual IDictionary GetClientExtensions()
        {
            IDictionary clientExtensions = null;

            ProtocolVersion clientVersion = mContext.ClientVersion;

            /*
             * RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior to 1.2.
             * Clients MUST NOT offer it if they are offering prior versions.
             */
            if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
            {
                // TODO Provide a way for the user to specify the acceptable hash/signature algorithms.

                this.mSupportedSignatureAlgorithms = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();

                clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);

                TlsUtilities.AddSignatureAlgorithmsExtension(clientExtensions, mSupportedSignatureAlgorithms);
            }

            if (TlsEccUtilities.ContainsEccCipherSuites(GetCipherSuites()))
            {
                /*
                 * RFC 4492 5.1. A client that proposes ECC cipher suites in its ClientHello message
                 * appends these extensions (along with any others), enumerating the curves it supports
                 * and the point formats it can parse. Clients SHOULD send both the Supported Elliptic
                 * Curves Extension and the Supported Point Formats Extension.
                 */
                /*
                 * TODO Could just add all the curves since we support them all, but users may not want
                 * to use unnecessarily large fields. Need configuration options.
                 */
                this.mNamedCurves          = new int[] { NamedCurve.secp256r1, NamedCurve.secp384r1 };
                this.mClientECPointFormats = new byte[] { ECPointFormat.uncompressed,
                                                          ECPointFormat.ansiX962_compressed_prime, ECPointFormat.ansiX962_compressed_char2, };

                clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);

                TlsEccUtilities.AddSupportedEllipticCurvesExtension(clientExtensions, mNamedCurves);
                TlsEccUtilities.AddSupportedPointFormatsExtension(clientExtensions, mClientECPointFormats);
            }

            if (this.HostNames != null && this.HostNames.Count > 0)
            {
                var list = new System.Collections.Generic.List <ServerName>(this.HostNames.Count);

                for (int i = 0; i < this.HostNames.Count; ++i)
                {
                    list.Add(new ServerName(Tls.NameType.host_name, this.HostNames[i]));
                }

                TlsExtensionsUtilities.AddServerNameExtension(clientExtensions, new ServerNameList(list));
            }

            return(clientExtensions);
        }