DatagramPolicy

TLSPolicy for DTLS. We require DTLS v1.2 and an AEAD mode

Members

Functions

acceptableProtocolVersion
bool acceptableProtocolVersion(TLSProtocolVersion _version)
Undocumented in source. Be warned that the author may not have intended to support it.
allowedMacs
Vector!string allowedMacs()
Undocumented in source. Be warned that the author may not have intended to support it.

Inherited Members

From TLSPolicy

enabledExtensions
Vector!HandshakeExtensionType enabledExtensions()
Undocumented in source. Be warned that the author may not have intended to support it.
ecPointFormats
Vector!ubyte ecPointFormats()

Returns a list of EC Point Formats supported, only 0x00 (Uncompressed) is supported at the moment.

allowedCiphers
Vector!string allowedCiphers()

Returns a list of ciphers we are willing to negotiate, in order of preference.

allowedSignatureHashes
Vector!string allowedSignatureHashes()

Returns a list of hash algorithms we are willing to use for signatures, in order of preference.

allowedMacs
Vector!string allowedMacs()

Returns a list of MAC algorithms we are willing to use.

allowedKeyExchangeMethods
Vector!string allowedKeyExchangeMethods()

Returns a list of key exchange algorithms we are willing to use, in order of preference. Allowed values: DH, empty string (representing RSA using server certificate key)

allowedSignatureMethods
Vector!string allowedSignatureMethods()

Returns a list of signature algorithms we are willing to use, in order of preference. Allowed values RSA and DSA.

allowedEccCurves
Vector!string allowedEccCurves()

Return list of ECC curves we are willing to use in order of preference

compression
Vector!ubyte compression()

Returns a list of compression algorithms we are willing to use, in order of preference. Allowed values any value of Compression_Method.

chooseCurve
string chooseCurve(Vector!string curve_names)

Choose an elliptic curve to use

negotiateHeartbeatSupport
bool negotiateHeartbeatSupport()

Attempt to negotiate the use of the heartbeat extension

allowInsecureRenegotiation
bool allowInsecureRenegotiation()

Allow renegotiation even if the counterparty doesn't support the secure renegotiation extension.

includeTimeInHelloRandom
bool includeTimeInHelloRandom()

The protocol dictates that the first 32 bits of the random field are the current time in seconds. However this allows client fingerprinting attacks. Set to false to disable, in which case random bytes will be used instead.

allowServerInitiatedRenegotiation
bool allowServerInitiatedRenegotiation()

Allow servers to initiate a new handshake

dhGroup
DLGroup dhGroup()

Return the group to use for ephemeral Diffie-Hellman key agreement

minimumDhGroupSize
size_t minimumDhGroupSize()

Return the minimum DH group size we're willing to use

hideUnknownUsers
bool hideUnknownUsers()

If this function returns false, unknown SRP/PSK identifiers will be rejected with an unknown_psk_identifier alert as soon as the non-existence is identified. Otherwise, a false identifier value will be used and the protocol allowed to proceed, causing the handshake to eventually fail without revealing that the username does not exist on this system.

sessionTicketLifetime
Duration sessionTicketLifetime()

Return the allowed lifetime of a session ticket. If 0, session tickets do not expire until the session ticket key rolls over. Expired session tickets cannot be used to resume a session.

acceptableProtocolVersion
bool acceptableProtocolVersion(TLSProtocolVersion _version)
latestSupportedVersion
TLSProtocolVersion latestSupportedVersion(bool datagram)

Returns the more recent protocol version we are willing to use, for either TLS or DTLS depending on datagram param. Shouldn't ever need to override this unless you want to allow a user to disable use of TLS v1.2 (which is *not recommended*)

sendFallbackSCSV
bool sendFallbackSCSV(TLSProtocolVersion _version)

When offering this version, should we send a fallback SCSV? Default returns true iff version is the latest version the policy allows, exists to allow override in case of interop problems.

acceptableCiphersuite
bool acceptableCiphersuite(TLSCiphersuite )

Allows policy to reject any ciphersuites which are undesirable for whatever reason without having to reimplement ciphersuite_list

allowClientHelloGrease
bool allowClientHelloGrease()

Apply GREASE to TLS extensibility draft-davidben-tls-grease-01. This will add 2 extensions of distinct types 0x?a?a (1 empty at the beginning and 1 with 1 byte at the end) It will also add an invalid ciphersuite of type 0x?a?a and an invalid ECC curve of type 0x?a?a These are purposely invalid and the client will fail and close the connection if the server accepts them

serverUsesOwnCiphersuitePreferences
bool serverUsesOwnCiphersuitePreferences()
signatureAlgorithms
Vector!ubyte signatureAlgorithms()
Undocumented in source. Be warned that the author may not have intended to support it.
ciphersuiteList
Vector!ushort ciphersuiteList(TLSProtocolVersion _version, bool have_srp)

Return allowed ciphersuites, in order of preference

~this
~this()
Undocumented in source.

Meta