예제 #1
0
        protected virtual void SelectCipher(TlsClientHello message)
        {
            var userCiphers = Config.UserSettings != null ? Config.UserSettings.RequestedCiphers : null;
            CipherSuiteCollection supportedCiphers;

            if (userCiphers != null)
            {
                supportedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, userCiphers);
            }
            else
            {
                supportedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
            }

            HandshakeParameters.SupportedCiphers = supportedCiphers;

            CipherSuite selectedCipher = null;

            foreach (var code in message.ClientCiphers)
            {
                var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
                if (idx < 0)
                {
                    continue;
                }
                var cipher = HandshakeParameters.SupportedCiphers [idx];
                selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
                break;
            }

            if (selectedCipher == null)
            {
                throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
            }

                        #if DEBUG_FULL
            if (Context.EnableDebugging)
            {
                selectedCipher.EnableDebugging = true;
            }
                        #endif

                        #if DEBUG_FULL
            if (Context.EnableDebugging)
            {
                DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
            }
                        #endif

            // FIXME: Select best one.
            Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
        }
예제 #2
0
        protected virtual void SelectCipher(TlsClientHello message)
        {
            var certificate = Config.Certificate;

            if (certificate == null)
            {
                throw new TlsException(AlertDescription.HandshakeFailure, "Missing server certificate");
            }

            CipherSuiteCollection requestedCiphers;

            if (Settings.RequestedCiphers != null)
            {
                requestedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, Settings.RequestedCiphers);
            }
            else
            {
                requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
            }

            HandshakeParameters.SupportedCiphers = requestedCiphers.Filter(cipher => {
                                #if INSTRUMENTATION
                if (Context.HasInstrument(HandshakeInstrumentType.OverrideServerCertificateSelection))
                {
                    return(true);
                }
                                #endif
                var exchangeAlgorithm = CipherSuiteFactory.GetExchangeAlgorithmType(Context.NegotiatedProtocol, cipher);
                return(CertificateManager.VerifyServerCertificate(Context, certificate, exchangeAlgorithm));
            });

            CipherSuite selectedCipher = null;
            foreach (var code in message.ClientCiphers)
            {
                var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
                if (idx < 0)
                {
                    continue;
                }
                var cipher = HandshakeParameters.SupportedCiphers [idx];
                selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
                break;
            }

            if (selectedCipher == null)
            {
                throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
            }

                        #if DEBUG_FULL
            if (Context.EnableDebugging)
            {
                selectedCipher.EnableDebugging = true;
            }
                        #endif

                        #if DEBUG_FULL
            if (Context.EnableDebugging)
            {
                DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
            }
                        #endif

            // FIXME: Select best one.
            Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
            Session.PendingCrypto.ServerCertificates = new X509CertificateCollection();
            Session.PendingCrypto.ServerCertificates.Add(certificate);
        }