Implement initial negotiation of EtM Not implemented yet: - actually using EtM - conditions on renegotiation

commit: 699cafaea27c72ea68aa85bd8a4e18afb879e272 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Oct 27 13:57:03 2014 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Nov 05 16:00:50 2014 +0100
tree: ae1f68b549b18c1b597e7a3911d923cd3ffa440e
parent: b3c6a97b31eebbd8867f1ee99e54d34fb9028d85 [diff] [blame]
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index dfe2764..6e736e2 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h

@@ -811,6 +811,24 @@
  */
 //#define POLARSSL_SSL_DEBUG_ALL
 
+/** \def POLARSSL_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: POLARSSL_SSL_PROTO_TLS1    or
+ *           POLARSSL_SSL_PROTO_TLS1_1  or
+ *           POLARSSL_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define POLARSSL_SSL_ENCRYPT_THEN_MAC
+
 /** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET
  *
  * Enable support for Extended Master Secret, aka Session Hash
commit	699cafaea27c72ea68aa85bd8a4e18afb879e272	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Oct 27 13:57:03 2014 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Wed Nov 05 16:00:50 2014 +0100
tree	ae1f68b549b18c1b597e7a3911d923cd3ffa440e
parent	b3c6a97b31eebbd8867f1ee99e54d34fb9028d85 [diff] [blame]