authorPeter Dettman <peter.dettman@bouncycastle.org>2022-05-11 15:05:33 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-05-11 15:05:33 +0700
commitaff809de7530bc424bee096a88f916aa6a728a86 (patch)
tree95a88b75dd9691ff9989ecee6db409b88e0e99ae
parentRegister DTLS 1.3 version number (diff)
downloadBouncyCastle.NET-ed25519-aff809de7530bc424bee096a88f916aa6a728a86.tar.xz
(D)TLS: now defaults to offering (D)TLS 1.2, TLS 13
-rw-r--r--crypto/Readme.html22
-rw-r--r--crypto/src/tls/AbstractTlsPeer.cs3
-rw-r--r--crypto/src/tls/DefaultTlsClient.cs6
-rw-r--r--crypto/src/tls/DefaultTlsServer.cs8
-rw-r--r--crypto/src/tls/PskTlsClient.cs2
-rw-r--r--crypto/src/tls/PskTlsServer.cs2
-rw-r--r--crypto/src/tls/SrpTlsClient.cs2
-rw-r--r--crypto/src/tls/SrpTlsServer.cs2
-rw-r--r--crypto/test/src/tls/test/MockDtlsClient.cs2
-rw-r--r--crypto/test/src/tls/test/MockDtlsServer.cs2
10 files changed, 36 insertions, 15 deletions
diff --git a/crypto/Readme.html b/crypto/Readme.html
index ac9efdb33..f7d2fec3f 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -31,6 +31,8 @@
 				<a href="#mozTocId3413">Notes:</a>
 		<ol>
             <li>
+                <a href="#mozTocId85326">Release 2.0.0</a>
+            <li>
                 <a href="#mozTocId85325">Release 1.9.0</a>
             <li>
                 <a href="#mozTocId85324">Release 1.8.10</a>
@@ -310,6 +312,26 @@ We state, where EC MQV has not otherwise been disabled or removed:
 		<hr style="WIDTH: 100%; HEIGHT: 2px">
 		<h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3>
 
+        <h4><a class="mozTocH4" name="mozTocId85326"></a>Release 2.0.0, TBD</h4>
+
+        <h5>Defects Fixed</h5>
+        <ul>
+        </ul>
+        <h5>Additional Features and Functionality</h5>
+        <ul>
+            <li>
+                (D)TLS: By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported
+                if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3.
+            </li>
+        </ul>
+        <h5>Additional Notes</h5>
+        <ul>
+            <li>
+                See the (cumulative) list of GitHub pull requests that we have accepted at
+                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
+            </li>
+        </ul>
+
         <h4><a class="mozTocH4" name="mozTocId85325"></a>Release 1.9.0, Sunday October 17, 2021</h4>
 
         <h5>Defects Fixed</h5>
diff --git a/crypto/src/tls/AbstractTlsPeer.cs b/crypto/src/tls/AbstractTlsPeer.cs
index 6d29953ee..4e1b28e58 100644
--- a/crypto/src/tls/AbstractTlsPeer.cs
+++ b/crypto/src/tls/AbstractTlsPeer.cs
@@ -26,8 +26,7 @@ namespace Org.BouncyCastle.Tls
         /// <returns>an array of supported <see cref="ProtocolVersion"/> values.</returns>
         protected virtual ProtocolVersion[] GetSupportedVersions()
         {
-            // TODO[tls13] Enable TLSv13 by default in due course
-            return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+            return ProtocolVersion.TLSv13.DownTo(ProtocolVersion.TLSv12);
         }
 
         protected abstract int[] GetSupportedCipherSuites();
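Review bot: The XML doc on `GetSupportedVersions()` does not state what the default is, and with this change the default silently drops TLS 1.0/1.1 and adds TLS 1.3. A subclass that overrides `GetSupportedCipherSuites()` with only pre-1.3 suites but does not override this method now inherits a version list that includes TLS 1.3; the Readme entry warns about this, but the code does not. I would add `/// <remarks>Defaults to TLS 1.3 and TLS 1.2. Override to offer earlier versions; when TLS 1.3 is offered, GetSupportedCipherSuites() should include TLS 1.3 suites.</remarks>`. The doc comment starts above the hunk, so only its last line is visible here.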
diff --git a/crypto/src/tls/DefaultTlsClient.cs b/crypto/src/tls/DefaultTlsClient.cs
index a2a742633..00827b5e7 100644
--- a/crypto/src/tls/DefaultTlsClient.cs
+++ b/crypto/src/tls/DefaultTlsClient.cs
@@ -10,10 +10,10 @@ namespace Org.BouncyCastle.Tls
         private static readonly int[] DefaultCipherSuites = new int[]
         {
             /*
-             * TODO[tls13] TLS 1.3
+             * TLS 1.3
              */
-            //CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
-            //CipherSuite.TLS_AES_128_GCM_SHA256,
+            CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
+            CipherSuite.TLS_AES_128_GCM_SHA256,
 
             /*
              * pre-TLS 1.3
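Review bot: The client's TLS 1.3 defaults enable `TLS_CHACHA20_POLY1305_SHA256` and `TLS_AES_128_GCM_SHA256` but not `TLS_AES_256_GCM_SHA384`, while the DefaultTlsServer.cs hunk in this commit enables all three. The same asymmetry was already present in the commented-out lists, so it may be deliberate, but nothing on the page says so. Either add `CipherSuite.TLS_AES_256_GCM_SHA384,` after the ChaCha20 entry, or leave a short comment such as `// TLS_AES_256_GCM_SHA384 intentionally not offered by default`. The array continues past the end of the hunk.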
diff --git a/crypto/src/tls/DefaultTlsServer.cs b/crypto/src/tls/DefaultTlsServer.cs
index de8a3f4a0..edab24b71 100644
--- a/crypto/src/tls/DefaultTlsServer.cs
+++ b/crypto/src/tls/DefaultTlsServer.cs
@@ -11,11 +11,11 @@ namespace Org.BouncyCastle.Tls
         private static readonly int[] DefaultCipherSuites = new int[]
         {
             /*
-             * TODO[tls13] TLS 1.3
+             * TLS 1.3
              */
-            //CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
-            //CipherSuite.TLS_AES_256_GCM_SHA384,
-            //CipherSuite.TLS_AES_128_GCM_SHA256,
+            CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
+            CipherSuite.TLS_AES_256_GCM_SHA384,
+            CipherSuite.TLS_AES_128_GCM_SHA256,
 
             /*
              * pre-TLS 1.3
diff --git a/crypto/src/tls/PskTlsClient.cs b/crypto/src/tls/PskTlsClient.cs
index 3e9a00390..c475be63b 100644
--- a/crypto/src/tls/PskTlsClient.cs
+++ b/crypto/src/tls/PskTlsClient.cs
@@ -34,7 +34,7 @@ namespace Org.BouncyCastle.Tls
 
         protected override ProtocolVersion[] GetSupportedVersions()
         {
-            return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+            return ProtocolVersion.TLSv12.Only();
         }
 
         protected override int[] GetSupportedCipherSuites()
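Review bot: The override pinned to `ProtocolVersion.TLSv12.Only()` carries no explanation, and its role has changed: it now keeps the new TLS 1.3 default out as well as dropping TLS 1.0/1.1. Presumably the reason is that the cipher suites this class returns are pre-TLS 1.3 key exchanges, but that cannot be confirmed from the hunk. A comment such as `// PSK suites offered here are pre-TLS 1.3; do not inherit the TLS 1.3 default` would stop a later cleanup from removing the override and offering a version the suite list cannot serve. The same applies to the identical changes in PskTlsServer.cs, SrpTlsClient.cs and SrpTlsServer.cs.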
diff --git a/crypto/src/tls/PskTlsServer.cs b/crypto/src/tls/PskTlsServer.cs
index 7197b6ad8..968cd5ce3 100644
--- a/crypto/src/tls/PskTlsServer.cs
+++ b/crypto/src/tls/PskTlsServer.cs
@@ -40,7 +40,7 @@ namespace Org.BouncyCastle.Tls
 
         protected override ProtocolVersion[] GetSupportedVersions()
         {
-            return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+            return ProtocolVersion.TLSv12.Only();
         }
 
         protected override int[] GetSupportedCipherSuites()
diff --git a/crypto/src/tls/SrpTlsClient.cs b/crypto/src/tls/SrpTlsClient.cs
index a2b0e9461..f6f6472bc 100644
--- a/crypto/src/tls/SrpTlsClient.cs
+++ b/crypto/src/tls/SrpTlsClient.cs
@@ -34,7 +34,7 @@ namespace Org.BouncyCastle.Tls
 
         protected override ProtocolVersion[] GetSupportedVersions()
         {
-            return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+            return ProtocolVersion.TLSv12.Only();
         }
 
         protected virtual bool RequireSrpServerExtension
diff --git a/crypto/src/tls/SrpTlsServer.cs b/crypto/src/tls/SrpTlsServer.cs
index 58f89ee22..1e2f09e03 100644
--- a/crypto/src/tls/SrpTlsServer.cs
+++ b/crypto/src/tls/SrpTlsServer.cs
@@ -44,7 +44,7 @@ namespace Org.BouncyCastle.Tls
 
         protected override ProtocolVersion[] GetSupportedVersions()
         {
-            return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+            return ProtocolVersion.TLSv12.Only();
         }
 
         protected override int[] GetSupportedCipherSuites()
diff --git a/crypto/test/src/tls/test/MockDtlsClient.cs b/crypto/test/src/tls/test/MockDtlsClient.cs
index 5aa1ebbd3..deef119ca 100644
--- a/crypto/test/src/tls/test/MockDtlsClient.cs
+++ b/crypto/test/src/tls/test/MockDtlsClient.cs
@@ -109,7 +109,7 @@ namespace Org.BouncyCastle.Tls.Tests
 
         protected override ProtocolVersion[] GetSupportedVersions()
         {
-            return ProtocolVersion.DTLSv12.DownTo(ProtocolVersion.DTLSv10);
+            return ProtocolVersion.DTLSv12.Only();
         }
 
         internal class MyTlsAuthentication
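Review bot: With both mocks narrowed to `ProtocolVersion.DTLSv12.Only()`, these test peers no longer negotiate DTLS 1.0, yet the Readme entry in this commit says earlier versions remain supported when explicitly enabled. Unless a test outside this diff still pins `DTLSv10`, that opt-in path loses coverage. I would keep one case whose client and server return `ProtocolVersion.DTLSv12.DownTo(ProtocolVersion.DTLSv10)`, or add a comment here such as `// DTLS 1.0 opt-in is covered by <test name>`. The same change is made in MockDtlsServer.cs.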
diff --git a/crypto/test/src/tls/test/MockDtlsServer.cs b/crypto/test/src/tls/test/MockDtlsServer.cs
index 18e53628e..b3ea7f91c 100644
--- a/crypto/test/src/tls/test/MockDtlsServer.cs
+++ b/crypto/test/src/tls/test/MockDtlsServer.cs
@@ -140,7 +140,7 @@ namespace Org.BouncyCastle.Tls.Tests
 
         protected override ProtocolVersion[] GetSupportedVersions()
         {
-            return ProtocolVersion.DTLSv12.DownTo(ProtocolVersion.DTLSv10);
+            return ProtocolVersion.DTLSv12.Only();
         }
     }
 }