public override IDictionary GetClientExtensions() { IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions()); TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(clientExtensions); return(clientExtensions); }
//public override int[] GetCipherSuites() //{ // return Arrays.Concatenate(base.GetCipherSuites(), // new int[] // { // CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, // CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1, // CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1, // CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1, // CipherSuite.TLS_RSA_WITH_SALSA20_SHA1, // }); //} public override IDictionary GetClientExtensions() { IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions()); TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(clientExtensions); TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9); TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions); return(clientExtensions); }
//public override int[] GetCipherSuites() //{ // return Arrays.Concatenate(base.GetCipherSuites(), // new int[] // { // CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, // CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1, // CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1, // CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1, // CipherSuite.TLS_RSA_WITH_SALSA20_SHA1, // }); //} public override IDictionary GetClientExtensions() { IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions()); TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(clientExtensions); { /* * NOTE: If you are copying test code, do not blindly set these extensions in your own client. */ TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9); TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions); } return(clientExtensions); }
protected virtual void SendServerHelloMessage() { HandshakeMessage handshakeMessage = new HandshakeMessage(2); ProtocolVersion serverVersion = mTlsServer.GetServerVersion(); if (!serverVersion.IsEqualOrEarlierVersionOf(Context.ClientVersion)) { throw new TlsFatalAlert(80); } mRecordStream.ReadVersion = serverVersion; mRecordStream.SetWriteVersion(serverVersion); mRecordStream.SetRestrictReadVersion(enabled: true); ContextAdmin.SetServerVersion(serverVersion); TlsUtilities.WriteVersion(serverVersion, handshakeMessage); handshakeMessage.Write(mSecurityParameters.serverRandom); TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, handshakeMessage); int selectedCipherSuite = mTlsServer.GetSelectedCipherSuite(); if (!Arrays.Contains(mOfferedCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, Context.ServerVersion)) { throw new TlsFatalAlert(80); } mSecurityParameters.cipherSuite = selectedCipherSuite; byte selectedCompressionMethod = mTlsServer.GetSelectedCompressionMethod(); if (!Arrays.Contains(mOfferedCompressionMethods, selectedCompressionMethod)) { throw new TlsFatalAlert(80); } mSecurityParameters.compressionAlgorithm = selectedCompressionMethod; TlsUtilities.WriteUint16(selectedCipherSuite, handshakeMessage); TlsUtilities.WriteUint8(selectedCompressionMethod, handshakeMessage); mServerExtensions = mTlsServer.GetServerExtensions(); if (mSecureRenegotiation) { byte[] extensionData = TlsUtilities.GetExtensionData(mServerExtensions, 65281); if (null == extensionData) { mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions); mServerExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes); } } if (mSecurityParameters.extendedMasterSecret) { mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions); TlsExtensionsUtilities.AddExtendedMasterSecretExtension(mServerExtensions); } if (mServerExtensions != null) { mSecurityParameters.encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(mServerExtensions); mSecurityParameters.maxFragmentLength = ProcessMaxFragmentLengthExtension(mClientExtensions, mServerExtensions, 80); mSecurityParameters.truncatedHMac = TlsExtensionsUtilities.HasTruncatedHMacExtension(mServerExtensions); mAllowCertificateStatus = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 5, 80)); mExpectSessionTicket = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 35, 80)); TlsProtocol.WriteExtensions(handshakeMessage, mServerExtensions); } mSecurityParameters.prfAlgorithm = TlsProtocol.GetPrfAlgorithm(Context, mSecurityParameters.CipherSuite); mSecurityParameters.verifyDataLength = 12; ApplyMaxFragmentLengthExtension(); handshakeMessage.WriteToRecordStream(this); }