Пример #1
        /// <summary>
        /// Builds the ClientHello extension table: whatever the base class offers, plus
        /// encrypt_then_mac (RFC 7366) and extended_master_secret (RFC 7627).
        /// </summary>
        /// <returns>The extension table to send in the ClientHello.</returns>
        public override IDictionary GetClientExtensions()
        {
            // The base class may hand back no table at all; EnsureExtensionsInitialised is
            // expected to supply a usable one in that case (confirm against the helper).
            IDictionary extensions = base.GetClientExtensions();
            extensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(extensions);

            // Both are hardening extensions: encrypt_then_mac moves CBC suites to
            // MAC-over-ciphertext, extended_master_secret binds the master secret to the
            // handshake transcript. They only take effect if the server echoes them.
            TlsExtensionsUtilities.AddEncryptThenMacExtension(extensions);
            TlsExtensionsUtilities.AddExtendedMasterSecretExtension(extensions);

            return extensions;
        }
Пример #2
        //public override int[] GetCipherSuites()
        //{
        //    return Arrays.Concatenate(base.GetCipherSuites(),
        //        new int[]
        //        {
        //            CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
        //            CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
        //            CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
        //            CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
        //            CipherSuite.TLS_RSA_WITH_SALSA20_SHA1,
        //        });
        //}

        /// <summary>
        /// Builds the ClientHello extension table: the base class's extensions plus
        /// encrypt_then_mac, extended_master_secret, max_fragment_length (2^9) and
        /// truncated_hmac.
        /// </summary>
        /// <returns>The extension table to send in the ClientHello.</returns>
        public override IDictionary GetClientExtensions()
        {
            IDictionary extensions = base.GetClientExtensions();
            extensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(extensions);

            // Hardening extensions (RFC 7366 / RFC 7627).
            TlsExtensionsUtilities.AddEncryptThenMacExtension(extensions);
            TlsExtensionsUtilities.AddExtendedMasterSecretExtension(extensions);

            // NOTE(review): these two are not hardening. max_fragment_length at pow2_9
            // asks for 512-byte record fragments, and truncated_hmac (RFC 6066) shortens
            // the record MAC tag to 80 bits, which reduces the integrity margin. Offer
            // them only when there is a specific need (e.g. exercising the code path in
            // tests or a constrained peer), not as a default client profile.
            TlsExtensionsUtilities.AddMaxFragmentLengthExtension(extensions, MaxFragmentLength.pow2_9);
            TlsExtensionsUtilities.AddTruncatedHMacExtension(extensions);

            return extensions;
        }
Пример #3
        //public override int[] GetCipherSuites()
        //{
        //    return Arrays.Concatenate(base.GetCipherSuites(),
        //        new int[]
        //        {
        //            CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
        //            CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
        //            CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
        //            CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
        //            CipherSuite.TLS_RSA_WITH_SALSA20_SHA1,
        //        });
        //}

        /// <summary>
        /// Builds the ClientHello extension table used by this test client: the base
        /// class's extensions plus encrypt_then_mac, extended_master_secret,
        /// max_fragment_length (2^9) and truncated_hmac.
        /// </summary>
        /// <returns>The extension table to send in the ClientHello.</returns>
        public override IDictionary GetClientExtensions()
        {
            IDictionary extensions = base.GetClientExtensions();
            extensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(extensions);

            // Hardening extensions (RFC 7366 / RFC 7627).
            TlsExtensionsUtilities.AddEncryptThenMacExtension(extensions);
            TlsExtensionsUtilities.AddExtendedMasterSecretExtension(extensions);

            // NOTE: test-only settings. Do not copy these two extensions into your own
            // client without a reason: pow2_9 requests 512-byte record fragments, and
            // truncated_hmac (RFC 6066) shortens the record MAC tag to 80 bits.
            TlsExtensionsUtilities.AddMaxFragmentLengthExtension(extensions, MaxFragmentLength.pow2_9);
            TlsExtensionsUtilities.AddTruncatedHMacExtension(extensions);

            return extensions;
        }
    /// <summary>
    /// Builds and sends the ServerHello: takes the version, cipher suite, compression
    /// method and extensions chosen by <c>mTlsServer</c>, checks each choice against what
    /// the client offered, records the result in <c>mSecurityParameters</c>, and writes
    /// the message to the record stream.
    /// </summary>
    /// <exception cref="TlsFatalAlert">
    /// Raised with alert 80 (internal_error) when the server's own selection is not
    /// acceptable: a version later than the client's, a cipher suite or compression
    /// method the client did not offer, or an extension check that fails.
    /// </exception>
    protected virtual void SendServerHelloMessage()
    {
        // Handshake type 2 is server_hello.
        HandshakeMessage handshakeMessage = new HandshakeMessage(2);
        ProtocolVersion  serverVersion    = mTlsServer.GetServerVersion();

        // The server may not answer with a version later than the one the client offered.
        // Alert 80 is internal_error: a bad selection here is a local fault, not a peer fault.
        if (!serverVersion.IsEqualOrEarlierVersionOf(Context.ClientVersion))
        {
            throw new TlsFatalAlert(80);
        }
        // Pin the record layer to the negotiated version in both directions.
        // NOTE(review): SetRestrictReadVersion(true) presumably makes the record layer
        // reject records carrying any other version from here on; confirm in the record stream.
        mRecordStream.ReadVersion = serverVersion;
        mRecordStream.SetWriteVersion(serverVersion);
        mRecordStream.SetRestrictReadVersion(enabled: true);
        ContextAdmin.SetServerVersion(serverVersion);
        // ServerHello body, in wire order: version, server random, session_id, ...
        TlsUtilities.WriteVersion(serverVersion, handshakeMessage);
        handshakeMessage.Write(mSecurityParameters.serverRandom);
        // Zero-length opaque8 in the session_id position: no session ID is issued here.
        TlsUtilities.WriteOpaque8(TlsUtilities.EmptyBytes, handshakeMessage);
        int selectedCipherSuite = mTlsServer.GetSelectedCipherSuite();

        // The selected suite must be one the client offered, must not be 0
        // (TLS_NULL_WITH_NULL_NULL), must not be a signalling value (SCSV), and must be
        // valid for the negotiated version. This stops a misbehaving TlsServer
        // implementation from silently negotiating a suite the client never asked for.
        if (!Arrays.Contains(mOfferedCipherSuites, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.IsScsv(selectedCipherSuite) || !TlsUtilities.IsValidCipherSuiteForVersion(selectedCipherSuite, Context.ServerVersion))
        {
            throw new TlsFatalAlert(80);
        }
        mSecurityParameters.cipherSuite = selectedCipherSuite;
        byte selectedCompressionMethod = mTlsServer.GetSelectedCompressionMethod();

        // Same rule for compression: only a method the client offered is acceptable.
        if (!Arrays.Contains(mOfferedCompressionMethods, selectedCompressionMethod))
        {
            throw new TlsFatalAlert(80);
        }
        mSecurityParameters.compressionAlgorithm = selectedCompressionMethod;
        // ... cipher suite, compression method, then the extensions block.
        TlsUtilities.WriteUint16(selectedCipherSuite, handshakeMessage);
        TlsUtilities.WriteUint8(selectedCompressionMethod, handshakeMessage);
        mServerExtensions = mTlsServer.GetServerExtensions();
        if (mSecureRenegotiation)
        {
            // 65281 (0xFF01) is the renegotiation_info extension (RFC 5746). If the
            // TlsServer did not supply one, add an empty one so the client still sees
            // that secure renegotiation is supported.
            byte[] extensionData = TlsUtilities.GetExtensionData(mServerExtensions, 65281);
            if (null == extensionData)
            {
                mServerExtensions        = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions);
                mServerExtensions[65281] = TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes);
            }
        }
        // Echo extended_master_secret only when it is already set in the security parameters.
        if (mSecurityParameters.extendedMasterSecret)
        {
            mServerExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(mServerExtensions);
            TlsExtensionsUtilities.AddExtendedMasterSecretExtension(mServerExtensions);
        }
        // NOTE(review): when mServerExtensions is null this whole block is skipped, so
        // encryptThenMac, maxFragmentLength, truncatedHMac, mAllowCertificateStatus and
        // mExpectSessionTicket are left at whatever value they already hold.
        if (mServerExtensions != null)
        {
            // Record-protection options are taken from what the server is about to send.
            // truncatedHMac shortens the record MAC, so it is worth auditing which
            // TlsServer implementations ever return that extension.
            mSecurityParameters.encryptThenMac    = TlsExtensionsUtilities.HasEncryptThenMacExtension(mServerExtensions);
            mSecurityParameters.maxFragmentLength = ProcessMaxFragmentLengthExtension(mClientExtensions, mServerExtensions, 80);
            mSecurityParameters.truncatedHMac     = TlsExtensionsUtilities.HasTruncatedHMacExtension(mServerExtensions);
            // Extension 5 is status_request and 35 is session_ticket; both are honoured
            // only on a full handshake (not a resumed session) and must carry empty data,
            // otherwise alert 80 is raised.
            mAllowCertificateStatus = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 5, 80));
            mExpectSessionTicket    = (!mResumedSession && TlsUtilities.HasExpectedEmptyExtensionData(mServerExtensions, 35, 80));
            TlsProtocol.WriteExtensions(handshakeMessage, mServerExtensions);
        }
        mSecurityParameters.prfAlgorithm     = TlsProtocol.GetPrfAlgorithm(Context, mSecurityParameters.CipherSuite);
        // Finished verify_data length is fixed at 12 bytes.
        mSecurityParameters.verifyDataLength = 12;
        // Apply the negotiated fragment limit before the ServerHello goes out.
        ApplyMaxFragmentLengthExtension();
        handshakeMessage.WriteToRecordStream(this);
    }