Commit 73ae24f1 authored by Brian Carlstrom's avatar Brian Carlstrom
Browse files

Add support for TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite

"TLS_EMPTY_RENEGOTIATION_INFO_SCSV" is RFC 5746's renegotiation
indication signaling cipher suite value. It is not a real cipher
suite. It is just an indication in the default and supported cipher
suite lists indicates that the implementation supports secure
renegotiation.

In the RI, its presence means that the SCSV is sent in the cipher
suite list to indicate secure renegotiation support and its absence
means to send an empty TLS renegotiation info extension instead.

However, OpenSSL doesn't provide an API to give this level of control,
instead always sending the SCSV and always including the empty
renegotiation info if TLS is used (as opposed to SSL). So we simply
allow TLS_EMPTY_RENEGOTIATION_INFO_SCSV to be passed for compatibility
as to provide the hint that we support secure renegotiation.

Change-Id: I0850bea47568edcfb1f7df99d4e8a747f938406d
parent 3f27f010
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment