/// <summary>
/// Decides whether TLS 1.3 should be opted out of for the given cipher suite policy
/// and encryption policy.
/// </summary>
/// <param name="policy">Caller-supplied cipher suite policy, or <c>null</c> for the default.</param>
/// <param name="encryptionPolicy">Requested encryption policy.</param>
/// <returns>
/// <c>true</c> when <paramref name="encryptionPolicy"/> is <see cref="EncryptionPolicy.NoEncryption"/>
/// or when the policy's TLS 1.3 suite buffer holds only its terminator; otherwise <c>false</c>.
/// </returns>
internal static bool ShouldOptOutOfTls13(CipherSuitesPolicy policy, EncryptionPolicy encryptionPolicy)
{
    // If TLS 1.3 was explicitly requested the underlying code will throw.
    // If the default option (SslProtocols.None) is used we will opt out of TLS 1.3.
    if (encryptionPolicy == EncryptionPolicy.NoEncryption)
    {
        // TLS 1.3 uses different cipher suite restrictions than previous versions
        // and has no equivalent to a NoEncryption option, so it cannot honour
        // a null-cipher request.
        return true;
    }

    if (policy is null)
    {
        // null means default: OpenSSL chooses whether it wants to opt out or not.
        return false;
    }

    var tls13Suites = policy.Pal._tls13CipherSuites;

    // Invariant: the buffer is a null-terminated string, so it is never empty.
    // Debug.Assert is compiled out of release builds, so this is not enforced there;
    // a buffer of any length other than 1 is then treated as "not empty".
    Debug.Assert(
        tls13Suites.Length != 0 &&
        tls13Suites[tls13Suites.Length - 1] == 0,
        "null terminated string expected");

    // Opt out only when the policy is empty, i.e. the buffer is just the terminator.
    bool policyIsEmpty = tls13Suites.Length == 1;
    return policyIsEmpty;
}
/// <summary>
/// Decides whether protocol versions lower than TLS 1.3 should be opted out of for the
/// given cipher suite policy.
/// </summary>
/// <param name="policy">Caller-supplied cipher suite policy, or <c>null</c> for the default.</param>
/// <param name="encryptionPolicy">Not read by this method.</param>
/// <returns>
/// <c>true</c> when the policy's pre-TLS 1.3 cipher buffer holds only its terminator;
/// <c>false</c> when it holds more, or when <paramref name="policy"/> is <c>null</c>.
/// </returns>
internal static bool ShouldOptOutOfLowerThanTls13(CipherSuitesPolicy policy, EncryptionPolicy encryptionPolicy)
{
    if (policy is null)
    {
        // null means default: OpenSSL chooses whether it wants to opt out or not.
        return false;
    }

    var legacySuites = policy.Pal._cipherSuites;

    // Invariant: the buffer is a null-terminated string, so it is never empty.
    // Debug.Assert is compiled out of release builds, so this is not enforced there.
    Debug.Assert(
        legacySuites.Length != 0 &&
        legacySuites[legacySuites.Length - 1] == 0,
        "null terminated string expected");

    // Opt out only when the policy is empty, i.e. the buffer is just the terminator.
    bool policyIsEmpty = legacySuites.Length == 1;
    return policyIsEmpty;
}
/// <summary>
/// Returns the TLS 1.3 cipher suite buffer to hand to OpenSSL, or <c>null</c> when the
/// TLS 1.3 API should not be called.
/// </summary>
/// <param name="policy">Caller-supplied cipher suite policy, or <c>null</c> for the default.</param>
/// <param name="protocols">Requested protocol versions.</param>
/// <param name="encryptionPolicy">Requested encryption policy.</param>
/// <returns>
/// <c>null</c> when TLS 1.3 is not wanted or no policy was supplied; otherwise the
/// policy's TLS 1.3 cipher suite buffer.
/// </returns>
/// <exception cref="PlatformNotSupportedException">
/// An explicit policy was supplied for TLS 1.3 together with
/// <see cref="EncryptionPolicy.NoEncryption"/>.
/// </exception>
internal static byte[] GetOpenSslCipherSuites(
    CipherSuitesPolicy policy,
    SslProtocols protocols,
    EncryptionPolicy encryptionPolicy)
{
    // WantsTls13 is evaluated first; the policy is only checked when TLS 1.3 is wanted.
    bool callTls13Api = WantsTls13(protocols) && policy != null;
    if (!callTls13Api)
    {
        // Do not call the TLS 1.3 API; let OpenSSL choose what to do.
        return null;
    }

    // An explicit cipher suite policy combined with NoEncryption is rejected outright:
    // the conflicting request fails loudly instead of being silently reinterpreted.
    if (encryptionPolicy == EncryptionPolicy.NoEncryption)
    {
        throw new PlatformNotSupportedException(SR.net_ssl_ciphersuites_policy_not_supported);
    }

    return policy.Pal._tls13CipherSuites;
}
/// <summary>
/// Returns the cipher list for protocol versions older than TLS 1.3 to hand to OpenSSL,
/// or <c>null</c> when only TLS 1.3 is requested.
/// </summary>
/// <param name="policy">Caller-supplied cipher suite policy, or <c>null</c> for the default.</param>
/// <param name="protocols">Requested protocol versions.</param>
/// <param name="encryptionPolicy">Requested encryption policy.</param>
/// <returns>
/// <c>null</c> when only TLS 1.3 is requested; the list derived from
/// <paramref name="encryptionPolicy"/> when no policy was supplied; otherwise the
/// policy's cipher buffer.
/// </returns>
/// <exception cref="PlatformNotSupportedException">
/// An explicit policy was supplied together with <see cref="EncryptionPolicy.NoEncryption"/>.
/// </exception>
internal static byte[] GetOpenSslCipherList(
    CipherSuitesPolicy policy,
    SslProtocols protocols,
    EncryptionPolicy encryptionPolicy)
{
    if (IsOnlyTls13(protocols))
    {
        // Older cipher suites will be disabled through the protocol selection.
        return null;
    }

    if (policy != null)
    {
        // An explicit cipher suite policy combined with NoEncryption is rejected outright:
        // the conflicting request fails loudly instead of being silently reinterpreted.
        if (encryptionPolicy == EncryptionPolicy.NoEncryption)
        {
            throw new PlatformNotSupportedException(SR.net_ssl_ciphersuites_policy_not_supported);
        }

        return policy.Pal._cipherSuites;
    }

    // No explicit policy: the list comes from the encryption policy alone.
    // NOTE(review): CipherListFromEncryptionPolicy is defined outside this block; with no
    // policy, NoEncryption is passed through to it rather than rejected here. Confirm
    // that callers select that mode deliberately.
    return CipherListFromEncryptionPolicy(encryptionPolicy);
}