Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-23 15:55:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Implement initial negotiation of EtM

Browse source 
Not implemented yet:
- actually using EtM
- conditions on renegotiation
This commit is contained in:
Manuel Pégourié-Gonnard 2014-10-27 13:57:03 +01:00
parent b3c6a97b31
commit 699cafaea2
9 changed files with 308 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

18
include/polarssl/config.h
View file

@ -811,6 +811,24 @@
*/
//#define POLARSSL_SSL_DEBUG_ALL
/** \def POLARSSL_SSL_ENCRYPT_THEN_MAC
*
* Enable support for Encrypt-then-MAC, RFC 7366.
*
* This allows peers that both support it to use a more robust protection for
* ciphersuites using CBC, providing deep resistance against timing attacks
* on the padding or underlying cipher.
*
* This only affects CBC ciphersuites, and is useless if none is defined.
*
* Requires: POLARSSL_SSL_PROTO_TLS1 or
* POLARSSL_SSL_PROTO_TLS1_1 or
* POLARSSL_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for Encrypt-then-MAC
*/
#define POLARSSL_SSL_ENCRYPT_THEN_MAC
/** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET
*
* Enable support for Extended Master Secret, aka Session Hash