NSASuiteB128

NSA Suite B 128-bit security level (see @rfc 6460)

Members

Functions

acceptableProtocolVersion
bool acceptableProtocolVersion(TLSProtocolVersion _version)
Undocumented in source. Be warned that the author may not have intended to support it.
allowedCiphers
Vector!string allowedCiphers()
Undocumented in source. Be warned that the author may not have intended to support it.
allowedEccCurves
Vector!string allowedEccCurves()
Undocumented in source. Be warned that the author may not have intended to support it.
allowedKeyExchangeMethods
Vector!string allowedKeyExchangeMethods()
Undocumented in source. Be warned that the author may not have intended to support it.
allowedMacs
Vector!string allowedMacs()
Undocumented in source. Be warned that the author may not have intended to support it.
allowedSignatureHashes
Vector!string allowedSignatureHashes()
Undocumented in source. Be warned that the author may not have intended to support it.
allowedSignatureMethods
Vector!string allowedSignatureMethods()
Undocumented in source. Be warned that the author may not have intended to support it.

Inherited Members

From TLSPolicy

allowedCiphers
Vector!string allowedCiphers()

Returns a list of ciphers we are willing to negotiate, in order of preference.

allowedSignatureHashes
Vector!string allowedSignatureHashes()

Returns a list of hash algorithms we are willing to use for signatures, in order of preference.

allowedMacs
Vector!string allowedMacs()

Returns a list of MAC algorithms we are willing to use.

allowedKeyExchangeMethods
Vector!string allowedKeyExchangeMethods()

Returns a list of key exchange algorithms we are willing to use, in order of preference. Allowed values: DH, empty string (representing RSA using server certificate key)

allowedSignatureMethods
Vector!string allowedSignatureMethods()

Returns a list of signature algorithms we are willing to use, in order of preference. Allowed values RSA and DSA.

allowedEccCurves
Vector!string allowedEccCurves()

Return list of ECC curves we are willing to use in order of preference

compression
Vector!ubyte compression()

Returns a list of compression algorithms we are willing to use, in order of preference. Allowed values any value of Compression_Method.

chooseCurve
string chooseCurve(Vector!string curve_names)

Choose an elliptic curve to use

negotiateHeartbeatSupport
bool negotiateHeartbeatSupport()

Attempt to negotiate the use of the heartbeat extension

allowInsecureRenegotiation
bool allowInsecureRenegotiation()

Allow renegotiation even if the counterparty doesn't support the secure renegotiation extension.

includeTimeInHelloRandom
bool includeTimeInHelloRandom()

The protocol dictates that the first 32 bits of the random field are the current time in seconds. However this allows client fingerprinting attacks. Set to false to disable, in which case random bytes will be used instead.

allowServerInitiatedRenegotiation
bool allowServerInitiatedRenegotiation()

Allow servers to initiate a new handshake

dhGroup
DLGroup dhGroup()

Return the group to use for ephemeral Diffie-Hellman key agreement

minimumDhGroupSize
size_t minimumDhGroupSize()

Return the minimum DH group size we're willing to use

hideUnknownUsers
bool hideUnknownUsers()

If this function returns false, unknown SRP/PSK identifiers will be rejected with an unknown_psk_identifier alert as soon as the non-existence is identified. Otherwise, a false identifier value will be used and the protocol allowed to proceed, causing the handshake to eventually fail without revealing that the username does not exist on this system.

sessionTicketLifetime
Duration sessionTicketLifetime()

Return the allowed lifetime of a session ticket. If 0, session tickets do not expire until the session ticket key rolls over. Expired session tickets cannot be used to resume a session.

acceptableProtocolVersion
bool acceptableProtocolVersion(TLSProtocolVersion _version)
latestSupportedVersion
TLSProtocolVersion latestSupportedVersion(bool datagram)

Returns the more recent protocol version we are willing to use, for either TLS or DTLS depending on datagram param. Shouldn't ever need to override this unless you want to allow a user to disable use of TLS v1.2 (which is *not recommended*)

sendFallbackSCSV
bool sendFallbackSCSV(TLSProtocolVersion _version)

When offering this version, should we send a fallback SCSV? Default returns true iff version is the latest version the policy allows, exists to allow override in case of interop problems.

acceptableCiphersuite
bool acceptableCiphersuite(TLSCiphersuite )

Allows policy to reject any ciphersuites which are undesirable for whatever reason without having to reimplement ciphersuite_list

serverUsesOwnCiphersuitePreferences
bool serverUsesOwnCiphersuitePreferences()
ciphersuiteList
Vector!ushort ciphersuiteList(TLSProtocolVersion _version, bool have_srp)

Return allowed ciphersuites, in order of preference

~this
~this()
Undocumented in source.

Meta