

pike.git/lib/modules/SSL.pmod/Context.pike:666: Inside #if constant(Crypto.ECC.Curve) && constant(Crypto.AES.GCM) && constant(Crypto.SHA384)
  //!   //! @note   //! Note also that for Suite B server operation compliant certificates   //! need to be added with @[add_cert()].   //!   //! @seealso   //! @[get_suites()]   void configure_suite_b(int(128..)|void min_keylength,    int(0..)|void strictness_level)   { -  if (min_keylength < 128) min_keylength = 128; +  if (min_keylength!=256) +  error("Only keylength 256 supported.\n");    -  if (min_keylength > 128) { +     preferred_suites = ({    TLS_ecdhe_ecdsa_with_aes_256_gcm_sha384,    }); -  } else { -  preferred_suites = ({ -  TLS_ecdhe_ecdsa_with_aes_128_gcm_sha256, -  TLS_ecdhe_ecdsa_with_aes_256_gcm_sha384, -  }); -  } +        max_version = PROTOCOL_TLS_MAX;    min_version = PROTOCOL_TLS_1_2;       if (strictness_level < 2) {    // Transitional or permissive mode.       // Allow TLS 1.0.    min_version = PROTOCOL_TLS_1_0;       // First add the transitional suites. -  if (min_keylength > 128) { -  // Transitional Suite B Combination 2 +     preferred_suites += ({    TLS_ecdhe_ecdsa_with_aes_256_cbc_sha,    }); -  } else { -  // Transitional Suite B Combination 1 -  preferred_suites += ({ -  TLS_ecdhe_ecdsa_with_aes_128_cbc_sha, -  TLS_ecdhe_ecdsa_with_aes_256_cbc_sha, -  }); -  } +        if (strictness_level < 1) {    // Permissive mode. Add the remaining suites of    // the required strength.    preferred_suites += get_suites(min_keylength) - preferred_suites;    }    }   }      #endif /* Crypto.ECC.Curve && Crypto.AES.GCM && Crypto.SHA384 */
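Review bot: The new guard `if (min_keylength!=256) error("Only keylength 256 supported.\n");` also fires when the argument is left out, because the signature still declares `int(128..)|void min_keylength` and an omitted argument compares as zero. A bare `configure_suite_b()` that used to select the 128-bit profile now throws before `preferred_suites`, `min_version` and `max_version` are assigned, so a caller that catches the error keeps whatever suite list and protocol range the context had before rather than a Suite B configuration. If 256 is meant to be the only supported strength, defaulting it ahead of the check with `if (!min_keylength) min_keylength = 256;` keeps the no-argument call working. The declared parameter range and the doc comment, which starts above this hunk, should then state that only 256 is accepted; values above 256 are rejected as well, which the `int(128..)` type does not convey.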