diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-05-11 15:05:33 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-05-11 15:05:33 +0700 |
| commit | aff809de7530bc424bee096a88f916aa6a728a86 (patch) | |
| tree | 95a88b75dd9691ff9989ecee6db409b88e0e99ae | |
| parent | Register DTLS 1.3 version number (diff) | |
| download | BouncyCastle.NET-ed25519-aff809de7530bc424bee096a88f916aa6a728a86.tar.xz | |
(D)TLS: now defaults to offering (D)TLS 1.2, TLS 13
| -rw-r--r-- | crypto/Readme.html | 22 | ||||
| -rw-r--r-- | crypto/src/tls/AbstractTlsPeer.cs | 3 | ||||
| -rw-r--r-- | crypto/src/tls/DefaultTlsClient.cs | 6 | ||||
| -rw-r--r-- | crypto/src/tls/DefaultTlsServer.cs | 8 | ||||
| -rw-r--r-- | crypto/src/tls/PskTlsClient.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/PskTlsServer.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/SrpTlsClient.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/SrpTlsServer.cs | 2 | ||||
| -rw-r--r-- | crypto/test/src/tls/test/MockDtlsClient.cs | 2 | ||||
| -rw-r--r-- | crypto/test/src/tls/test/MockDtlsServer.cs | 2 |
10 files changed, 36 insertions, 15 deletions
diff --git a/crypto/Readme.html b/crypto/Readme.html index ac9efdb33..f7d2fec3f 100644 --- a/crypto/Readme.html +++ b/crypto/Readme.html @@ -31,6 +31,8 @@ <a href="#mozTocId3413">Notes:</a> <ol> <li> + <a href="#mozTocId85326">Release 2.0.0</a> + <li> <a href="#mozTocId85325">Release 1.9.0</a> <li> <a href="#mozTocId85324">Release 1.8.10</a> @@ -310,6 +312,26 @@ We state, where EC MQV has not otherwise been disabled or removed: <hr style="WIDTH: 100%; HEIGHT: 2px"> <h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3> + <h4><a class="mozTocH4" name="mozTocId85326"></a>Release 2.0.0, TBD</h4> + + <h5>Defects Fixed</h5> + <ul> + </ul> + <h5>Additional Features and Functionality</h5> + <ul> + <li> + (D)TLS: By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported + if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3. + </li> + </ul> + <h5>Additional Notes</h5> + <ul> + <li> + See the (cumulative) list of GitHub pull requests that we have accepted at + <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>. + </li> + </ul> + <h4><a class="mozTocH4" name="mozTocId85325"></a>Release 1.9.0, Sunday October 17, 2021</h4> <h5>Defects Fixed</h5> diff --git a/crypto/src/tls/AbstractTlsPeer.cs b/crypto/src/tls/AbstractTlsPeer.cs index 6d29953ee..4e1b28e58 100644 --- a/crypto/src/tls/AbstractTlsPeer.cs +++ b/crypto/src/tls/AbstractTlsPeer.cs @@ -26,8 +26,7 @@ namespace Org.BouncyCastle.Tls /// <returns>an array of supported <see cref="ProtocolVersion"/> values.</returns> protected virtual ProtocolVersion[] GetSupportedVersions() { - // TODO[tls13] Enable TLSv13 by default in due course - return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10); + return ProtocolVersion.TLSv13.DownTo(ProtocolVersion.TLSv12); } protected abstract int[] GetSupportedCipherSuites(); diff --git a/crypto/src/tls/DefaultTlsClient.cs b/crypto/src/tls/DefaultTlsClient.cs index a2a742633..00827b5e7 100644 --- a/crypto/src/tls/DefaultTlsClient.cs +++ b/crypto/src/tls/DefaultTlsClient.cs @@ -10,10 +10,10 @@ namespace Org.BouncyCastle.Tls private static readonly int[] DefaultCipherSuites = new int[] { /* - * TODO[tls13] TLS 1.3 + * TLS 1.3 */ - //CipherSuite.TLS_CHACHA20_POLY1305_SHA256, - //CipherSuite.TLS_AES_128_GCM_SHA256, + CipherSuite.TLS_CHACHA20_POLY1305_SHA256, + CipherSuite.TLS_AES_128_GCM_SHA256, /* * pre-TLS 1.3 diff --git a/crypto/src/tls/DefaultTlsServer.cs b/crypto/src/tls/DefaultTlsServer.cs index de8a3f4a0..edab24b71 100644 --- a/crypto/src/tls/DefaultTlsServer.cs +++ b/crypto/src/tls/DefaultTlsServer.cs @@ -11,11 +11,11 @@ namespace Org.BouncyCastle.Tls private static readonly int[] DefaultCipherSuites = new int[] { /* - * TODO[tls13] TLS 1.3 + * TLS 1.3 */ - //CipherSuite.TLS_CHACHA20_POLY1305_SHA256, - //CipherSuite.TLS_AES_256_GCM_SHA384, - //CipherSuite.TLS_AES_128_GCM_SHA256, + CipherSuite.TLS_CHACHA20_POLY1305_SHA256, + CipherSuite.TLS_AES_256_GCM_SHA384, + CipherSuite.TLS_AES_128_GCM_SHA256, /* * pre-TLS 1.3 diff --git a/crypto/src/tls/PskTlsClient.cs b/crypto/src/tls/PskTlsClient.cs index 3e9a00390..c475be63b 100644 --- a/crypto/src/tls/PskTlsClient.cs +++ b/crypto/src/tls/PskTlsClient.cs @@ -34,7 +34,7 @@ namespace Org.BouncyCastle.Tls protected override ProtocolVersion[] GetSupportedVersions() { - return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10); + return ProtocolVersion.TLSv12.Only(); } protected override int[] GetSupportedCipherSuites() diff --git a/crypto/src/tls/PskTlsServer.cs b/crypto/src/tls/PskTlsServer.cs index 7197b6ad8..968cd5ce3 100644 --- a/crypto/src/tls/PskTlsServer.cs +++ b/crypto/src/tls/PskTlsServer.cs @@ -40,7 +40,7 @@ namespace Org.BouncyCastle.Tls protected override ProtocolVersion[] GetSupportedVersions() { - return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10); + return ProtocolVersion.TLSv12.Only(); } protected override int[] GetSupportedCipherSuites() diff --git a/crypto/src/tls/SrpTlsClient.cs b/crypto/src/tls/SrpTlsClient.cs index a2b0e9461..f6f6472bc 100644 --- a/crypto/src/tls/SrpTlsClient.cs +++ b/crypto/src/tls/SrpTlsClient.cs @@ -34,7 +34,7 @@ namespace Org.BouncyCastle.Tls protected override ProtocolVersion[] GetSupportedVersions() { - return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10); + return ProtocolVersion.TLSv12.Only(); } protected virtual bool RequireSrpServerExtension diff --git a/crypto/src/tls/SrpTlsServer.cs b/crypto/src/tls/SrpTlsServer.cs index 58f89ee22..1e2f09e03 100644 --- a/crypto/src/tls/SrpTlsServer.cs +++ b/crypto/src/tls/SrpTlsServer.cs @@ -44,7 +44,7 @@ namespace Org.BouncyCastle.Tls protected override ProtocolVersion[] GetSupportedVersions() { - return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10); + return ProtocolVersion.TLSv12.Only(); } protected override int[] GetSupportedCipherSuites() diff --git a/crypto/test/src/tls/test/MockDtlsClient.cs b/crypto/test/src/tls/test/MockDtlsClient.cs index 5aa1ebbd3..deef119ca 100644 --- a/crypto/test/src/tls/test/MockDtlsClient.cs +++ b/crypto/test/src/tls/test/MockDtlsClient.cs @@ -109,7 +109,7 @@ namespace Org.BouncyCastle.Tls.Tests protected override ProtocolVersion[] GetSupportedVersions() { - return ProtocolVersion.DTLSv12.DownTo(ProtocolVersion.DTLSv10); + return ProtocolVersion.DTLSv12.Only(); } internal class MyTlsAuthentication diff --git a/crypto/test/src/tls/test/MockDtlsServer.cs b/crypto/test/src/tls/test/MockDtlsServer.cs index 18e53628e..b3ea7f91c 100644 --- a/crypto/test/src/tls/test/MockDtlsServer.cs +++ b/crypto/test/src/tls/test/MockDtlsServer.cs @@ -140,7 +140,7 @@ namespace Org.BouncyCastle.Tls.Tests protected override ProtocolVersion[] GetSupportedVersions() { - return ProtocolVersion.DTLSv12.DownTo(ProtocolVersion.DTLSv10); + return ProtocolVersion.DTLSv12.Only(); } } } |