diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2016-01-17 19:10:00 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2016-01-17 19:10:00 +0700 |
commit | 8a0cd220d06752b3c6248e8cbd137204294ca943 (patch) | |
tree | 908258148b391dfb632fbf00884e0b25a052c0f3 /crypto/src | |
parent | Implement updated draft-ietf-tls-chacha20-poly1305-04 (diff) | |
download | BouncyCastle.NET-ed25519-8a0cd220d06752b3c6248e8cbd137204294ca943.tar.xz |
draft-ietf-tls-downgrade-scsv => RFC 7507
Diffstat (limited to 'crypto/src')
-rw-r--r-- | crypto/src/crypto/tls/AbstractTlsClient.cs | 6 | ||||
-rw-r--r-- | crypto/src/crypto/tls/AbstractTlsServer.cs | 8 | ||||
-rw-r--r-- | crypto/src/crypto/tls/AlertDescription.cs | 4 | ||||
-rw-r--r-- | crypto/src/crypto/tls/CipherSuite.cs | 10 | ||||
-rw-r--r-- | crypto/src/crypto/tls/DtlsClientProtocol.cs | 9 | ||||
-rw-r--r-- | crypto/src/crypto/tls/TlsClientProtocol.cs | 9 |
6 files changed, 24 insertions, 22 deletions
diff --git a/crypto/src/crypto/tls/AbstractTlsClient.cs b/crypto/src/crypto/tls/AbstractTlsClient.cs index fedca0934..ee7a93803 100644 --- a/crypto/src/crypto/tls/AbstractTlsClient.cs +++ b/crypto/src/crypto/tls/AbstractTlsClient.cs @@ -89,9 +89,9 @@ namespace Org.BouncyCastle.Crypto.Tls public virtual bool IsFallback { /* - * draft-ietf-tls-downgrade-scsv-00 4. [..] is meant for use by clients that repeat a - * connection attempt with a downgraded protocol in order to avoid interoperability problems - * with legacy servers. + * RFC 7507 4. The TLS_FALLBACK_SCSV cipher suite value is meant for use by clients that + * repeat a connection attempt with a downgraded protocol (perform a "fallback retry") in + * order to work around interoperability problems with legacy servers. */ get { return false; } } diff --git a/crypto/src/crypto/tls/AbstractTlsServer.cs b/crypto/src/crypto/tls/AbstractTlsServer.cs index 9f549cfd1..d87a294f0 100644 --- a/crypto/src/crypto/tls/AbstractTlsServer.cs +++ b/crypto/src/crypto/tls/AbstractTlsServer.cs @@ -113,10 +113,10 @@ namespace Org.BouncyCastle.Crypto.Tls public virtual void NotifyFallback(bool isFallback) { /* - * draft-ietf-tls-downgrade-scsv-00 3. If TLS_FALLBACK_SCSV appears in - * ClientHello.cipher_suites and the highest protocol version supported by the server is - * higher than the version indicated in ClientHello.client_version, the server MUST respond - * with an inappropriate_fallback alert. + * RFC 7507 3. If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest + * protocol version supported by the server is higher than the version indicated in + * ClientHello.client_version, the server MUST respond with a fatal inappropriate_fallback + * alert [..]. */ if (isFallback && MaximumVersion.IsLaterVersionOf(mClientVersion)) throw new TlsFatalAlert(AlertDescription.inappropriate_fallback); diff --git a/crypto/src/crypto/tls/AlertDescription.cs b/crypto/src/crypto/tls/AlertDescription.cs index 49de60cea..4e2464b50 100644 --- a/crypto/src/crypto/tls/AlertDescription.cs +++ b/crypto/src/crypto/tls/AlertDescription.cs @@ -215,13 +215,13 @@ namespace Org.BouncyCastle.Crypto.Tls public const byte unknown_psk_identity = 115; /* - * draft-ietf-tls-downgrade-scsv-00 + * RFC 7507 */ /** * If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest protocol version * supported by the server is higher than the version indicated in ClientHello.client_version, - * the server MUST respond with an inappropriate_fallback alert. + * the server MUST respond with a fatal inappropriate_fallback alert [..]. */ public const byte inappropriate_fallback = 86; diff --git a/crypto/src/crypto/tls/CipherSuite.cs b/crypto/src/crypto/tls/CipherSuite.cs index 1ed0a5ef3..5aa556389 100644 --- a/crypto/src/crypto/tls/CipherSuite.cs +++ b/crypto/src/crypto/tls/CipherSuite.cs @@ -331,6 +331,11 @@ namespace Org.BouncyCastle.Crypto.Tls public const int TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF; /* + * RFC 7507 + */ + public const int TLS_FALLBACK_SCSV = 0x5600; + + /* * draft-ietf-tls-chacha20-poly1305-04 */ public const int DRAFT_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8; @@ -341,11 +346,6 @@ namespace Org.BouncyCastle.Crypto.Tls public const int DRAFT_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAD; public const int DRAFT_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAE; - /* - * draft-ietf-tls-downgrade-scsv-00 - */ - public const int TLS_FALLBACK_SCSV = 0x5600; - public static bool IsScsv(int cipherSuite) { switch (cipherSuite) diff --git a/crypto/src/crypto/tls/DtlsClientProtocol.cs b/crypto/src/crypto/tls/DtlsClientProtocol.cs index 7cb554ae8..abb402077 100644 --- a/crypto/src/crypto/tls/DtlsClientProtocol.cs +++ b/crypto/src/crypto/tls/DtlsClientProtocol.cs @@ -431,10 +431,11 @@ namespace Org.BouncyCastle.Crypto.Tls } /* - * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version - * containing a lower value than the latest (highest-valued) version supported by the - * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in - * ClientHello.cipher_suites. + * RFC 7507 4. If a client sends a ClientHello.client_version containing a lower value + * than the latest (highest-valued) version supported by the client, it SHOULD include + * the TLS_FALLBACK_SCSV cipher suite value in ClientHello.cipher_suites [..]. (The + * client SHOULD put TLS_FALLBACK_SCSV after all cipher suites that it actually intends + * to negotiate.) */ if (fallback && !Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)) { diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs index c2447e434..4c2a0a545 100644 --- a/crypto/src/crypto/tls/TlsClientProtocol.cs +++ b/crypto/src/crypto/tls/TlsClientProtocol.cs @@ -871,10 +871,11 @@ namespace Org.BouncyCastle.Crypto.Tls } /* - * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version - * containing a lower value than the latest (highest-valued) version supported by the - * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in - * ClientHello.cipher_suites. + * RFC 7507 4. If a client sends a ClientHello.client_version containing a lower value + * than the latest (highest-valued) version supported by the client, it SHOULD include + * the TLS_FALLBACK_SCSV cipher suite value in ClientHello.cipher_suites [..]. (The + * client SHOULD put TLS_FALLBACK_SCSV after all cipher suites that it actually intends + * to negotiate.) */ if (fallback && !Arrays.Contains(mOfferedCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)) { |