-rw-r--r-- | third_party/tlslite/patches/fallback_scsv.patch | 20 | ||||
-rw-r--r-- | third_party/tlslite/tlslite/TLSConnection.py | 13 |
2 files changed, 33 insertions, 0 deletions
diff --git a/third_party/tlslite/patches/fallback_scsv.patch b/third_party/tlslite/patches/fallback_scsv.patch
index 3cfb67a..e4fb3d8 100644
--- a/third_party/tlslite/patches/fallback_scsv.patch
+++ b/third_party/tlslite/patches/fallback_scsv.patch
@@ -12,6 +12,26 @@ index d2270a9..e6ce187 100644
 """Perform a handshake in the role of server.
 This function performs an SSL or TLS handshake. Depending on
+@@ -1014,6 +1014,19 @@ class TLSConnection(TLSRecordLayer):
+ binary 8-bit string) that will be sent as a TLS extension whenever
+ the client announces support for the extension.
++ @type tlsIntolerant: int
++ @param tlsIntolerant: if non-zero, the server will simulate TLS
++ version intolerance by returning a fatal, handshake_failure alert.
++ The versions to which it's intolerant vary depending on the value:
++ 1: reject all TLS versions.
++ 2: reject TLS 1.1 or higher.
++ 3: reject TLS 1.2 or higher.
++
++ @type fallbackSCSV: bool
++ @param fallbackSCSV: if true, the server will implement
++ TLS_FALLBACK_SCSV and thus reject connections using less than the
++ server's maximum TLS version that include this cipher suite.
++
+ @raise socket.error: If a socket error occurs.
+ @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
+ without a preceding alert.
 @@ -1022,7 +1023,8 @@ class TLSConnection(TLSRecordLayer):
 """
 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py
index e6ce187..c5722d6 100644
--- a/third_party/tlslite/tlslite/TLSConnection.py
+++ b/third_party/tlslite/tlslite/TLSConnection.py
@@ -1014,6 +1014,19 @@ class TLSConnection(TLSRecordLayer):
 binary 8-bit string) that will be sent as a TLS extension whenever
 the client announces support for the extension.
+ @type tlsIntolerant: int
+ @param tlsIntolerant: if non-zero, the server will simulate TLS
+ version intolerance by returning a fatal, handshake_failure alert.
+ The versions to which it's intolerant vary depending on the value:
+ 1: reject all TLS versions.
+ 2: reject TLS 1.1 or higher.
+ 3: reject TLS 1.2 or higher.
+
+ @type fallbackSCSV: bool
+ @param fallbackSCSV: if true, the server will implement
+ TLS_FALLBACK_SCSV and thus reject connections using less than the
+ server's maximum TLS version that include this cipher suite.
+
 @raise socket.error: If a socket error occurs.
 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
 without a preceding alert.
|