diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-16 15:54:04 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-16 15:54:04 +0000 |
| commit | 390e49056a8b0c257def6c3232c5a68d84f43a72 (patch) | |
| tree | 998bd3e584b1156a158df8d57e988d70dd4c1fe3 /third_party/tlslite | |
| parent | 4d47f07d5673fd633da5e3c0dda6a1c99819b489 (diff) | |
| download | chromium_src-390e49056a8b0c257def6c3232c5a68d84f43a72.zip chromium_src-390e49056a8b0c257def6c3232c5a68d84f43a72.tar.gz chromium_src-390e49056a8b0c257def6c3232c5a68d84f43a72.tar.bz2 | |
tlslite: document a couple of new parameters.
This is a followup to address some post-submit comments on
https://codereview.chromium.org/109563002/.
Comment only change. No semantic effect.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240907 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party/tlslite')
| -rw-r--r-- | third_party/tlslite/patches/fallback_scsv.patch | 20 | ||||
| -rw-r--r-- | third_party/tlslite/tlslite/TLSConnection.py | 13 |
2 files changed, 33 insertions, 0 deletions
diff --git a/third_party/tlslite/patches/fallback_scsv.patch b/third_party/tlslite/patches/fallback_scsv.patch index 3cfb67a..e4fb3d8 100644 --- a/third_party/tlslite/patches/fallback_scsv.patch +++ b/third_party/tlslite/patches/fallback_scsv.patch @@ -12,6 +12,26 @@ index d2270a9..e6ce187 100644 """Perform a handshake in the role of server. This function performs an SSL or TLS handshake. Depending on +@@ -1014,6 +1014,19 @@ class TLSConnection(TLSRecordLayer): + binary 8-bit string) that will be sent as a TLS extension whenever + the client announces support for the extension. + ++ @type tlsIntolerant: int ++ @param tlsIntolerant: if non-zero, the server will simulate TLS ++ version intolerance by returning a fatal, handshake_failure alert. ++ The versions to which it's intolerant vary depending on the value: ++ 1: reject all TLS versions. ++ 2: reject TLS 1.1 or higher. ++ 3: reject TLS 1.2 or higher. ++ ++ @type fallbackSCSV: bool ++ @param fallbackSCSV: if true, the server will implement ++ TLS_FALLBACK_SCSV and thus reject connections using less than the ++ server's maximum TLS version that include this cipher suite. ++ + @raise socket.error: If a socket error occurs. + @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed + without a preceding alert. @@ -1022,7 +1023,8 @@ class TLSConnection(TLSRecordLayer): """ for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py index e6ce187..c5722d6 100644 --- a/third_party/tlslite/tlslite/TLSConnection.py +++ b/third_party/tlslite/tlslite/TLSConnection.py @@ -1014,6 +1014,19 @@ class TLSConnection(TLSRecordLayer): binary 8-bit string) that will be sent as a TLS extension whenever the client announces support for the extension. + @type tlsIntolerant: int + @param tlsIntolerant: if non-zero, the server will simulate TLS + version intolerance by returning a fatal, handshake_failure alert. + The versions to which it's intolerant vary depending on the value: + 1: reject all TLS versions. + 2: reject TLS 1.1 or higher. + 3: reject TLS 1.2 or higher. + + @type fallbackSCSV: bool + @param fallbackSCSV: if true, the server will implement + TLS_FALLBACK_SCSV and thus reject connections using less than the + server's maximum TLS version that include this cipher suite. + @raise socket.error: If a socket error occurs. @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed without a preceding alert. |