protected virtual void SelectCipher(TlsClientHello message)
{
var userCiphers = Config.UserSettings != null ? Config.UserSettings.RequestedCiphers : null;
CipherSuiteCollection supportedCiphers;
if (userCiphers != null)
{
supportedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, userCiphers);
}
else
{
supportedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
}
HandshakeParameters.SupportedCiphers = supportedCiphers;
CipherSuite selectedCipher = null;
foreach (var code in message.ClientCiphers)
{
var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
if (idx < 0)
{
continue;
}
var cipher = HandshakeParameters.SupportedCiphers [idx];
selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
break;
}
if (selectedCipher == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
}
#if DEBUG_FULL
if (Context.EnableDebugging)
{
selectedCipher.EnableDebugging = true;
}
#endif
#if DEBUG_FULL
if (Context.EnableDebugging)
{
DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
}
#endif
// FIXME: Select best one.
Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
}
protected virtual void SelectCipher(TlsClientHello message)
{
var certificate = Config.Certificate;
if (certificate == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Missing server certificate");
}
CipherSuiteCollection requestedCiphers;
if (Settings.RequestedCiphers != null)
{
requestedCiphers = new CipherSuiteCollection(Context.NegotiatedProtocol, Settings.RequestedCiphers);
}
else
{
requestedCiphers = CipherSuiteFactory.GetDefaultCiphers(Context.NegotiatedProtocol);
}
HandshakeParameters.SupportedCiphers = requestedCiphers.Filter(cipher => {
#if INSTRUMENTATION
if (Context.HasInstrument(HandshakeInstrumentType.OverrideServerCertificateSelection))
{
return(true);
}
#endif
var exchangeAlgorithm = CipherSuiteFactory.GetExchangeAlgorithmType(Context.NegotiatedProtocol, cipher);
return(CertificateManager.VerifyServerCertificate(Context, certificate, exchangeAlgorithm));
});
CipherSuite selectedCipher = null;
foreach (var code in message.ClientCiphers)
{
var idx = HandshakeParameters.SupportedCiphers.IndexOf(code);
if (idx < 0)
{
continue;
}
var cipher = HandshakeParameters.SupportedCiphers [idx];
selectedCipher = CipherSuiteFactory.CreateCipherSuite(Context.NegotiatedProtocol, cipher);
break;
}
if (selectedCipher == null)
{
throw new TlsException(AlertDescription.HandshakeFailure, "Invalid cipher suite received from client");
}
#if DEBUG_FULL
if (Context.EnableDebugging)
{
selectedCipher.EnableDebugging = true;
}
#endif
#if DEBUG_FULL
if (Context.EnableDebugging)
{
DebugHelper.WriteLine("Selected Cipher: {0}", selectedCipher);
}
#endif
// FIXME: Select best one.
Session.PendingCrypto = selectedCipher.Initialize(true, Context.NegotiatedProtocol);
Session.PendingCrypto.ServerCertificates = new X509CertificateCollection();
Session.PendingCrypto.ServerCertificates.Add(certificate);
}