diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-14 19:20:36 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-15 10:00:45 +0200 |
commit | eee2b7554f8831a8b32c8f1b68bb23ff3114fea4 (patch) | |
tree | 0df0d2c6f700fe1a6d0eb27d0872015c0458d340 /lib/includes/gnutls/gnutls.h.in | |
parent | 17594818f41d5c6e63ae499537f5993c7faa93c9 (diff) | |
download | gnutls-eee2b7554f8831a8b32c8f1b68bb23ff3114fea4.tar.gz |
Updated false start support to be transparent to applications.
That is, an additional flag GNUTLS_ENABLE_FALSE_START is introduced
for gnutls_init(), and that enables support for false start. At
this point false start will be performed by the handshake if possible,
and gnutls_record_recv() will handle handshake completion.
Diffstat (limited to 'lib/includes/gnutls/gnutls.h.in')
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 8f2df57049..98014aa11b 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -354,6 +354,7 @@ typedef enum { * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. * @GNUTLS_ALLOW_CERT_CHANGE: Allow the peer to replace its certificate during a rehandshake. This change is often used in attacks and thus prohibited by default (since 3.5.0). + * @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start (since 3.5.0). * * Enumeration of different flags for gnutls_init() function. All the flags * can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually @@ -367,7 +368,8 @@ typedef enum { GNUTLS_NO_EXTENSIONS = (1<<4), GNUTLS_NO_REPLAY_PROTECTION = (1<<5), GNUTLS_NO_SIGNAL = (1<<6), - GNUTLS_ALLOW_CERT_CHANGE = (1<<7) + GNUTLS_ALLOW_CERT_CHANGE = (1<<7), + GNUTLS_ENABLE_FALSE_START = (1<<8) } gnutls_init_flags_t; /** @@ -1488,10 +1490,6 @@ void gnutls_handshake_set_post_client_hello_function(gnutls_session_t session, gnutls_handshake_simple_hook_func func); -int gnutls_handshake_set_false_start_function(gnutls_session_t session, - gnutls_handshake_simple_hook_func func, - unsigned flags); - void gnutls_handshake_set_max_packet_length(gnutls_session_t session, size_t max); @@ -2734,6 +2732,7 @@ int gnutls_fips140_mode_enabled(void); #define GNUTLS_E_NEED_FALLBACK -405 #define GNUTLS_E_SESSION_CERTIFICATE_CHANGED -406 +#define GNUTLS_E_HANDSHAKE_DURING_FALSE_START -407 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 |