/**
 * Checks the extensions received from the server for ones it must not send.
 *
 * Each check is delegated to {@code checkForUnexpectedServerExtension}. The EC point formats
 * extension is the one conditional case: it is read and stored when the selected cipher suite
 * is an ECC suite, and checked as unexpected otherwise.
 *
 * @param serverExtensions extensions received from the server; {@code null} skips every check
 * @throws IOException propagated from the extension checks and from parsing the point formats
 */
public void processServerExtensions(Hashtable serverExtensions) throws IOException {
    /*
     * TlsProtocol implementation validates that any server extensions received correspond to
     * client extensions sent. By default, we don't send any, and this method is not called.
     */
    if (serverExtensions == null) {
        return;
    }

    // RFC 5246 7.4.1.4.1. Servers MUST NOT send this extension.
    checkForUnexpectedServerExtension(serverExtensions, TlsUtils.EXT_signature_algorithms);

    checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_elliptic_curves);

    boolean eccSuiteSelected = TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite);
    if (!eccSuiteSelected) {
        // A point formats extension is only meaningful for an ECC suite.
        checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_ec_point_formats);
    } else {
        this.serverECPointFormats = TlsECCUtils.getSupportedPointFormatsExtension(serverExtensions);
    }

    // RFC 7685 3. The server MUST NOT echo the extension.
    checkForUnexpectedServerExtension(serverExtensions, TlsExtensionsUtils.EXT_padding);
}
/**
 * Returns the version to place in the record layer of the ClientHello.
 *
 * @return the value of {@code getClientVersion()}
 */
public ProtocolVersion getClientHelloRecordLayerVersion() {
    // Candidate values, with the two that are not used kept for reference:
    //   "{03,00}"                                            -> ProtocolVersion.SSLv3
    //   "the lowest version number supported by the client"  -> getMinimumVersion()
    //   "the value of ClientHello.client_version"            -> getClientVersion()  (used)
    ProtocolVersion helloVersion = getClientVersion();
    return helloVersion;
}
/**
 * Receives the protocol version announced by the server and rejects it when it is older than
 * this client's minimum version.
 *
 * NOTE(review): only the lower bound is enforced here. A server version above what the client
 * offered is presumably rejected by the caller; confirm, because this check does not cover it.
 *
 * @param serverVersion version announced by the server
 * @throws IOException as {@code TlsFatalAlert(AlertDescription.protocol_version)} when the
 *         minimum version is not equal to or earlier than {@code serverVersion}
 */
public void notifyServerVersion(ProtocolVersion serverVersion) throws IOException {
    ProtocolVersion lowestAccepted = getMinimumVersion();
    if (lowestAccepted.isEqualOrEarlierVersionOf(serverVersion)) {
        return;
    }
    // Refusing here stops the handshake from settling on a version below the configured floor.
    throw new TlsFatalAlert(AlertDescription.protocol_version);
}
/**
 * Raises a fatal alert when the server sent data for an extension type it was not expected to
 * send, unless {@code allowUnexpectedServerExtension} accepts it.
 *
 * NOTE(review): an override of {@code allowUnexpectedServerExtension} that returns
 * {@code true} turns this check off for that extension type, so overrides should stay narrow.
 *
 * @param serverExtensions extensions received from the server
 * @param extensionType extension type to look up
 * @throws IOException as {@code TlsFatalAlert(AlertDescription.illegal_parameter)} when data
 *         is present and not allowed
 */
protected void checkForUnexpectedServerExtension(Hashtable serverExtensions, Integer extensionType)
    throws IOException {
    byte[] payload = TlsUtils.getExtensionData(serverExtensions, extensionType);
    if (payload == null) {
        // No data for this extension type, so there is nothing to reject.
        return;
    }
    if (allowUnexpectedServerExtension(extensionType, payload)) {
        return;
    }
    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
/**
 * Checks the server's handling of the SRP extension, then runs the superclass checks.
 *
 * The handshake is aborted when {@code TlsUtils.hasExpectedEmptyExtensionData} returns
 * {@code false} for the SRP extension and {@code requireSRPServerExtension()} is {@code true}.
 * NOTE(review): the helper presumably returns {@code false} when the extension is absent and
 * raises the supplied alert itself when the data is not empty; confirm against TlsUtils.
 *
 * @param serverExtensions extensions received from the server
 * @throws IOException as {@code TlsFatalAlert(AlertDescription.illegal_parameter)} in the case
 *         above, or propagated from the helper or the superclass
 */
public void processServerExtensions(Hashtable serverExtensions) throws IOException {
    boolean srpExtensionOk = TlsUtils.hasExpectedEmptyExtensionData(
        serverExtensions, TlsSRPUtils.EXT_SRP, AlertDescription.illegal_parameter);

    // requireSRPServerExtension() is consulted only when the helper returned false.
    if (!srpExtensionOk && requireSRPServerExtension()) {
        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
    }

    super.processServerExtensions(serverExtensions);
}
/**
 * Builds the client extensions: the superclass extensions plus the SRP extension carrying
 * {@code this.identity}.
 *
 * NOTE(review): the identity travels in a ClientHello extension, which is sent before the
 * handshake has established any encryption; treat it as visible on the wire.
 *
 * @return the extension table with the SRP extension added
 * @throws IOException propagated from the superclass or from adding the SRP extension
 */
public Hashtable getClientExtensions() throws IOException {
    Hashtable inherited = super.getClientExtensions();
    // Ensures a table to add to; presumably creates one when the superclass supplies none.
    Hashtable extensions = TlsExtensionsUtils.ensureExtensionsInitialised(inherited);
    TlsSRPUtils.addSRPExtension(extensions, this.identity);
    return extensions;
}
if (TlsECCUtils.containsECCCipherSuites(getCipherSuites()))
/**
 * Accepts the server's protocol version only when it is not older than the client's minimum.
 *
 * NOTE(review): this is a lower-bound check only. Whether a version newer than the one the
 * client offered is refused has to be verified in the calling protocol code.
 *
 * @param serverVersion version announced by the server
 * @throws IOException as {@code TlsFatalAlert(AlertDescription.protocol_version)} when the
 *         minimum version is not equal to or earlier than {@code serverVersion}
 */
public void notifyServerVersion(ProtocolVersion serverVersion) throws IOException {
    boolean meetsMinimum = getMinimumVersion().isEqualOrEarlierVersionOf(serverVersion);
    if (meetsMinimum) {
        return;
    }
    // A version below the minimum ends the handshake with a fatal alert.
    throw new TlsFatalAlert(AlertDescription.protocol_version);
}
/**
 * Rejects an extension the server should not have sent.
 *
 * Looks up the data for {@code extensionType}. When data is present and
 * {@code allowUnexpectedServerExtension} does not accept it, a fatal alert is raised.
 *
 * NOTE(review): subclasses that widen {@code allowUnexpectedServerExtension} weaken this
 * check for the affected extension types.
 *
 * @param serverExtensions extensions received from the server
 * @param extensionType extension type to look up
 * @throws IOException as {@code TlsFatalAlert(AlertDescription.illegal_parameter)} when the
 *         extension is present and not allowed
 */
protected void checkForUnexpectedServerExtension(Hashtable serverExtensions, Integer extensionType)
    throws IOException {
    byte[] received = TlsUtils.getExtensionData(serverExtensions, extensionType);
    boolean present = received != null;
    // The allow hook is evaluated only when data is present.
    boolean rejected = present && !allowUnexpectedServerExtension(extensionType, received);
    if (rejected) {
        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
    }
}
/**
 * Enforces the SRP extension requirement before delegating to the superclass checks.
 *
 * A fatal alert is raised when {@code TlsUtils.hasExpectedEmptyExtensionData} returns
 * {@code false} for the SRP extension while {@code requireSRPServerExtension()} is
 * {@code true}. NOTE(review): what the helper does with non-empty extension data is not
 * visible here; the alert description passed to it suggests it raises that alert. Confirm.
 *
 * @param serverExtensions extensions received from the server
 * @throws IOException as {@code TlsFatalAlert(AlertDescription.illegal_parameter)} in the case
 *         above, or propagated from the helper or the superclass
 */
public void processServerExtensions(Hashtable serverExtensions) throws IOException {
    boolean srpPresentAndEmpty = TlsUtils.hasExpectedEmptyExtensionData(
        serverExtensions, TlsSRPUtils.EXT_SRP, AlertDescription.illegal_parameter);

    if (!srpPresentAndEmpty) {
        boolean srpMandatory = requireSRPServerExtension();
        if (srpMandatory) {
            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
        }
    }

    super.processServerExtensions(serverExtensions);
}
/**
 * Returns the superclass client extensions with the SRP extension for {@code this.identity}
 * added.
 *
 * NOTE(review): the SRP identity goes into the ClientHello, which is sent before the
 * handshake has established any encryption, so it should not be assumed confidential.
 *
 * @return the extension table including the SRP extension
 * @throws IOException propagated from the superclass or from adding the SRP extension
 */
public Hashtable getClientExtensions() throws IOException {
    Hashtable table = TlsExtensionsUtils.ensureExtensionsInitialised(super.getClientExtensions());

    // The SRP extension is added to the table in place, and that same table is returned.
    TlsSRPUtils.addSRPExtension(table, this.identity);

    return table;
}
if (TlsECCUtils.containsECCCipherSuites(getCipherSuites()))
/**
 * Chooses the record layer version sent with the ClientHello.
 *
 * RFC 5246 E.1. "TLS clients that wish to negotiate with older servers MAY send any value
 * {03,XX} as the record layer version number. Typical values would be {03,00}, the lowest
 * version number supported by the client, and the value of ClientHello.client_version. No
 * single value will guarantee interoperability with all old servers, but this is a complex
 * topic beyond the scope of this document."
 *
 * @return the value of {@code getClientVersion()}, the third of the typical values quoted above
 */
public ProtocolVersion getClientHelloRecordLayerVersion() {
    // The other two typical values, kept for reference and not used:
    //   "{03,00}"                                            -> ProtocolVersion.SSLv3
    //   "the lowest version number supported by the client"  -> getMinimumVersion()

    // "the value of ClientHello.client_version"
    ProtocolVersion recordLayerVersion = getClientVersion();
    return recordLayerVersion;
}
/**
 * Checks the extensions received from the server for ones it must not send.
 *
 * The signature algorithms and elliptic curves extensions are always checked as unexpected.
 * The EC point formats extension is read and stored when the selected cipher suite is an ECC
 * suite, and checked as unexpected otherwise.
 *
 * NOTE(review): this version has no check for an echoed padding extension (RFC 7685 says the
 * server must not echo it). Confirm whether this client can send that extension; if it can,
 * an echo would not be rejected here.
 *
 * @param serverExtensions extensions received from the server; {@code null} skips every check
 * @throws IOException propagated from the extension checks and from parsing the point formats
 */
public void processServerExtensions(Hashtable serverExtensions) throws IOException {
    /*
     * TlsProtocol implementation validates that any server extensions received correspond to
     * client extensions sent. By default, we don't send any, and this method is not called.
     */
    if (serverExtensions == null) {
        return;
    }

    // RFC 5246 7.4.1.4.1. Servers MUST NOT send this extension.
    checkForUnexpectedServerExtension(serverExtensions, TlsUtils.EXT_signature_algorithms);

    checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_elliptic_curves);

    boolean eccSuiteSelected = TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite);
    if (!eccSuiteSelected) {
        // Without an ECC suite, a point formats extension from the server is unexpected.
        checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_ec_point_formats);
    } else {
        this.serverECPointFormats = TlsECCUtils.getSupportedPointFormatsExtension(serverExtensions);
    }
}