author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-20 17:56:23 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-20 17:56:23 +0400 |
commit | 8f79f999f84dee49eb8a8244dd47d71f94b641cc (patch) | |
tree | fbc6d0e94de5b51690382481b31ec540d05ec0c9 /core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | |
parent | b56d8809108ba95756880d95f971a624fd9da84d (diff) |
Add support for max_fragment_length extension to D/TLS protocols
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index 018ec6d5..b378c887 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -78,7 +78,7 @@ public class DTLSServerProtocol
 }
 }
- public DTLSTransport serverHandshake(ServerHandshakeState state, DTLSRecordLayer recordLayer)
+ protected DTLSTransport serverHandshake(ServerHandshakeState state, DTLSRecordLayer recordLayer)
 throws IOException
 {
 SecurityParameters securityParameters = state.serverContext.getSecurityParameters();
@@ -103,6 +103,11 @@ public class DTLSServerProtocol
 }
 byte[] serverHelloBody = generateServerHello(state);
+ if (state.maxFragmentLength >= 0)
+ {
+ int plainTextLimit = 1 << (8 + state.maxFragmentLength);
+ recordLayer.setPlaintextLimit(plainTextLimit);
+ }
 handshake.sendMessage(HandshakeType.server_hello, serverHelloBody);
 // TODO This block could really be done before actually sending the hello
@@ -394,6 +399,9 @@ public class DTLSServerProtocol
 if (state.serverExtensions != null)
 {
+ state.maxFragmentLength = evaluateMaxFragmentLengthExtension(state.clientExtensions, state.serverExtensions,
+ AlertDescription.internal_error);
+
 securityParameters.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(state.serverExtensions);
 // TODO[RFC 3546] Should this code check that the 'extension_data' is empty?
@@ -637,6 +645,7 @@ public class DTLSServerProtocol
 int selectedCipherSuite = -1;
 short selectedCompressionMethod = -1;
 boolean secure_renegotiation = false;
+ short maxFragmentLength = -1;
 boolean allowCertificateStatus = false;
 boolean expectSessionTicket = false;
 Hashtable serverExtensions = null; |
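Review bot: In the second hunk (@@ -103,6 +103,11) the guard `state.maxFragmentLength >= 0` accepts any non-negative code, and nothing visible bounds the value before it is used as a shift count in `1 << (8 + state.maxFragmentLength)`. RFC 6066 defines only codes 1 to 4 (2^9 to 2^12 bytes), so a code of 0 would set a 256-byte limit, and because Java masks int shift counts to five bits, a large code would wrap to an arbitrary small or negative limit. Whether evaluateMaxFragmentLengthExtension already rejects out-of-range codes cannot be told from this diff, so a local check is cheap insurance: `if (state.maxFragmentLength >= 1 && state.maxFragmentLength <= 4)`. A one-line comment on the new `short maxFragmentLength = -1;` field in the last hunk, saying that -1 means "not negotiated", would also make the sentinel explicit. The body of serverHandshake continues outside the hunk.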
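Review bot: The call added in the third hunk (@@ -394,6 +399,9) passes `state.clientExtensions` to evaluateMaxFragmentLengthExtension while only `state.serverExtensions` is null-checked by the enclosing `if`. If a client sends no extensions but the server still produces some, the helper presumably receives a null table; whether it tolerates that is not visible here, so it is worth confirming or guarding. The choice of `AlertDescription.internal_error` also deserves a short comment, for example `// a mismatch here means our own ServerHello extensions disagree with the client's offer`, assuming that is the intent. The enclosing method starts and ends outside the hunk.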