Move notifySecureRenegotiation into TlsPeer and have both client and

server default to handshake_failure if secure_renegotiation is false.
author: Peter Dettman <peter.dettman@bouncycastle.org> 2013-06-25 17:14:42 +0400
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2013-06-25 17:14:42 +0400
commit: 235e0f6638a5e6efd584409bae3e15d2fa3956a5 (patch)
tree: 4d35b7f2c9aa673e6c6a305d87f084fdadd9f5b1 /core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java
parent: 15c31a82f587249d85c6f11244226ec3ed653117 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java b/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java
index 4ea86cca..80d6af73 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java
@@ -5,6 +5,18 @@ import java.io.IOException;
 public abstract class AbstractTlsPeer
     implements TlsPeer
 {
+    public void notifySecureRenegotiation(boolean secureRenegotiation) throws IOException
+    {
+        if (!secureRenegotiation)
+        {
+            /*
+             * RFC 5746 3.4/3.6. In this case, some clients/servers may want to terminate the handshake instead
+             * of continuing; see Section 4.1/4.3 for discussion.
+             */
+            throw new TlsFatalAlert(AlertDescription.handshake_failure);
+        }
+    }
+
     public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Exception cause)
     {
     }
author	Peter Dettman <peter.dettman@bouncycastle.org>	2013-06-25 17:14:42 +0400
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2013-06-25 17:14:42 +0400
commit	235e0f6638a5e6efd584409bae3e15d2fa3956a5 (patch)
tree	4d35b7f2c9aa673e6c6a305d87f084fdadd9f5b1 /core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java
parent	15c31a82f587249d85c6f11244226ec3ed653117 (diff)