diff --git a/crypto/Readme.html b/crypto/Readme.html
index ac9efdb33..f7d2fec3f 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -31,6 +31,8 @@
<a href="#mozTocId3413">Notes:</a>
<ol>
<li>
+ <a href="#mozTocId85326">Release 2.0.0</a>
+ <li>
<a href="#mozTocId85325">Release 1.9.0</a>
<li>
<a href="#mozTocId85324">Release 1.8.10</a>
@@ -310,6 +312,26 @@ We state, where EC MQV has not otherwise been disabled or removed:
<hr style="WIDTH: 100%; HEIGHT: 2px">
<h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3>
+ <h4><a class="mozTocH4" name="mozTocId85326"></a>Release 2.0.0, TBD</h4>
+
+ <h5>Defects Fixed</h5>
+ <ul>
+ </ul>
+ <h5>Additional Features and Functionality</h5>
+ <ul>
+ <li>
+ (D)TLS: By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported
+ if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3.
+ </li>
+ </ul>
+ <h5>Additional Notes</h5>
+ <ul>
+ <li>
+ See the (cumulative) list of GitHub pull requests that we have accepted at
+ <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
+ </li>
+ </ul>
+
<h4><a class="mozTocH4" name="mozTocId85325"></a>Release 1.9.0, Sunday October 17, 2021</h4>
<h5>Defects Fixed</h5>
diff --git a/crypto/src/tls/AbstractTlsPeer.cs b/crypto/src/tls/AbstractTlsPeer.cs
index 6d29953ee..4e1b28e58 100644
--- a/crypto/src/tls/AbstractTlsPeer.cs
+++ b/crypto/src/tls/AbstractTlsPeer.cs
@@ -26,8 +26,7 @@ namespace Org.BouncyCastle.Tls
/// <returns>an array of supported <see cref="ProtocolVersion"/> values.</returns>
protected virtual ProtocolVersion[] GetSupportedVersions()
{
- // TODO[tls13] Enable TLSv13 by default in due course
- return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+ return ProtocolVersion.TLSv13.DownTo(ProtocolVersion.TLSv12);
}
protected abstract int[] GetSupportedCipherSuites();
diff --git a/crypto/src/tls/DefaultTlsClient.cs b/crypto/src/tls/DefaultTlsClient.cs
index a2a742633..00827b5e7 100644
--- a/crypto/src/tls/DefaultTlsClient.cs
+++ b/crypto/src/tls/DefaultTlsClient.cs
@@ -10,10 +10,10 @@ namespace Org.BouncyCastle.Tls
private static readonly int[] DefaultCipherSuites = new int[]
{
/*
- * TODO[tls13] TLS 1.3
+ * TLS 1.3
*/
- //CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
- //CipherSuite.TLS_AES_128_GCM_SHA256,
+ CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
+ CipherSuite.TLS_AES_128_GCM_SHA256,
/*
* pre-TLS 1.3
diff --git a/crypto/src/tls/DefaultTlsServer.cs b/crypto/src/tls/DefaultTlsServer.cs
index de8a3f4a0..edab24b71 100644
--- a/crypto/src/tls/DefaultTlsServer.cs
+++ b/crypto/src/tls/DefaultTlsServer.cs
@@ -11,11 +11,11 @@ namespace Org.BouncyCastle.Tls
private static readonly int[] DefaultCipherSuites = new int[]
{
/*
- * TODO[tls13] TLS 1.3
+ * TLS 1.3
*/
- //CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
- //CipherSuite.TLS_AES_256_GCM_SHA384,
- //CipherSuite.TLS_AES_128_GCM_SHA256,
+ CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
+ CipherSuite.TLS_AES_256_GCM_SHA384,
+ CipherSuite.TLS_AES_128_GCM_SHA256,
/*
* pre-TLS 1.3
diff --git a/crypto/src/tls/PskTlsClient.cs b/crypto/src/tls/PskTlsClient.cs
index 3e9a00390..c475be63b 100644
--- a/crypto/src/tls/PskTlsClient.cs
+++ b/crypto/src/tls/PskTlsClient.cs
@@ -34,7 +34,7 @@ namespace Org.BouncyCastle.Tls
protected override ProtocolVersion[] GetSupportedVersions()
{
- return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+ return ProtocolVersion.TLSv12.Only();
}
protected override int[] GetSupportedCipherSuites()
diff --git a/crypto/src/tls/PskTlsServer.cs b/crypto/src/tls/PskTlsServer.cs
index 7197b6ad8..968cd5ce3 100644
--- a/crypto/src/tls/PskTlsServer.cs
+++ b/crypto/src/tls/PskTlsServer.cs
@@ -40,7 +40,7 @@ namespace Org.BouncyCastle.Tls
protected override ProtocolVersion[] GetSupportedVersions()
{
- return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+ return ProtocolVersion.TLSv12.Only();
}
protected override int[] GetSupportedCipherSuites()
diff --git a/crypto/src/tls/SrpTlsClient.cs b/crypto/src/tls/SrpTlsClient.cs
index a2b0e9461..f6f6472bc 100644
--- a/crypto/src/tls/SrpTlsClient.cs
+++ b/crypto/src/tls/SrpTlsClient.cs
@@ -34,7 +34,7 @@ namespace Org.BouncyCastle.Tls
protected override ProtocolVersion[] GetSupportedVersions()
{
- return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+ return ProtocolVersion.TLSv12.Only();
}
protected virtual bool RequireSrpServerExtension
diff --git a/crypto/src/tls/SrpTlsServer.cs b/crypto/src/tls/SrpTlsServer.cs
index 58f89ee22..1e2f09e03 100644
--- a/crypto/src/tls/SrpTlsServer.cs
+++ b/crypto/src/tls/SrpTlsServer.cs
@@ -44,7 +44,7 @@ namespace Org.BouncyCastle.Tls
protected override ProtocolVersion[] GetSupportedVersions()
{
- return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+ return ProtocolVersion.TLSv12.Only();
}
protected override int[] GetSupportedCipherSuites()
diff --git a/crypto/test/src/tls/test/MockDtlsClient.cs b/crypto/test/src/tls/test/MockDtlsClient.cs
index 5aa1ebbd3..deef119ca 100644
--- a/crypto/test/src/tls/test/MockDtlsClient.cs
+++ b/crypto/test/src/tls/test/MockDtlsClient.cs
@@ -109,7 +109,7 @@ namespace Org.BouncyCastle.Tls.Tests
protected override ProtocolVersion[] GetSupportedVersions()
{
- return ProtocolVersion.DTLSv12.DownTo(ProtocolVersion.DTLSv10);
+ return ProtocolVersion.DTLSv12.Only();
}
internal class MyTlsAuthentication
diff --git a/crypto/test/src/tls/test/MockDtlsServer.cs b/crypto/test/src/tls/test/MockDtlsServer.cs
index 18e53628e..b3ea7f91c 100644
--- a/crypto/test/src/tls/test/MockDtlsServer.cs
+++ b/crypto/test/src/tls/test/MockDtlsServer.cs
@@ -140,7 +140,7 @@ namespace Org.BouncyCastle.Tls.Tests
protected override ProtocolVersion[] GetSupportedVersions()
{
- return ProtocolVersion.DTLSv12.DownTo(ProtocolVersion.DTLSv10);
+ return ProtocolVersion.DTLSv12.Only();
}
}
}
|
