diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-09-27 11:00:41 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-09-27 11:00:41 +0700 |
| commit | dd137c67a464cddca45424c954a908ddd73e14fe (patch) | |
| tree | 06fd8db7bd0c64ce7c34d47b8430e0f559cf4a88 | |
| parent | Refactoring (diff) | |
| download | BouncyCastle.NET-ed25519-dd137c67a464cddca45424c954a908ddd73e14fe.tar.xz | |
Update comments now that encrypt-then-MAC is out of draft (RFC 7366)
| -rw-r--r-- | crypto/src/crypto/tls/AbstractTlsServer.cs | 7 | ||||
| -rw-r--r-- | crypto/src/crypto/tls/ExtensionType.cs | 8 | ||||
| -rw-r--r-- | crypto/src/crypto/tls/TlsClientProtocol.cs | 7 |
3 files changed, 12 insertions, 10 deletions
diff --git a/crypto/src/crypto/tls/AbstractTlsServer.cs b/crypto/src/crypto/tls/AbstractTlsServer.cs index 08bb289cf..c2c6fd57c 100644 --- a/crypto/src/crypto/tls/AbstractTlsServer.cs +++ b/crypto/src/crypto/tls/AbstractTlsServer.cs @@ -223,9 +223,10 @@ namespace Org.BouncyCastle.Crypto.Tls if (this.mEncryptThenMacOffered && AllowEncryptThenMac) { /* - * draft-ietf-tls-encrypt-then-mac-03 3. If a server receives an encrypt-then-MAC - * request extension from a client and then selects a stream or AEAD cipher suite, it - * MUST NOT send an encrypt-then-MAC response extension back to the client. + * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client + * and then selects a stream or Authenticated Encryption with Associated Data (AEAD) + * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the + * client. */ if (TlsUtilities.IsBlockCipherSuite(this.mSelectedCipherSuite)) { diff --git a/crypto/src/crypto/tls/ExtensionType.cs b/crypto/src/crypto/tls/ExtensionType.cs index f5c2523f3..3d00509af 100644 --- a/crypto/src/crypto/tls/ExtensionType.cs +++ b/crypto/src/crypto/tls/ExtensionType.cs @@ -44,14 +44,14 @@ namespace Org.BouncyCastle.Crypto.Tls public const int heartbeat = 15; /* - * RFC 5077 7. + * RFC 7366 */ - public const int session_ticket = 35; + public const int encrypt_then_mac = 22; /* - * draft-ietf-tls-encrypt-then-mac-03 + * RFC 5077 7. */ - public const int encrypt_then_mac = 22; + public const int session_ticket = 35; /* * draft-ietf-tls-session-hash-01 diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs index 54a68c4ff..9fe50add8 100644 --- a/crypto/src/crypto/tls/TlsClientProtocol.cs +++ b/crypto/src/crypto/tls/TlsClientProtocol.cs @@ -747,9 +747,10 @@ namespace Org.BouncyCastle.Crypto.Tls if (sessionServerExtensions != null) { /* - * draft-ietf-tls-encrypt-then-mac-03 3. If a server receives an encrypt-then-MAC - * request extension from a client and then selects a stream or AEAD cipher suite, it - * MUST NOT Send an encrypt-then-MAC response extension back to the client. + * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client + * and then selects a stream or Authenticated Encryption with Associated Data (AEAD) + * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the + * client. */ bool serverSentEncryptThenMAC = TlsExtensionsUtilities.HasEncryptThenMacExtension(sessionServerExtensions); if (serverSentEncryptThenMAC && !TlsUtilities.IsBlockCipherSuite(selectedCipherSuite)) |