Class AbstractTlsPeer
- Namespace
- Org.BouncyCastle.Tls
- Assembly
- BouncyCastle.Cryptography.dll
Base class for a TLS client or server.
public abstract class AbstractTlsPeer : TlsPeer
- Inheritance
-
AbstractTlsPeer
- Implements
- Derived
- Inherited Members
Constructors
AbstractTlsPeer(TlsCrypto)
protected AbstractTlsPeer(TlsCrypto crypto)
Parameters
crypto TlsCrypto
Properties
Crypto
public virtual TlsCrypto Crypto { get; }
Property Value
IgnoreCorruptDtlsRecords
Indicates whether a DTLS connection should ignore corrupt records (bad_record_mac) instead of failing the connection.
public virtual bool IgnoreCorruptDtlsRecords { get; }
Property Value
- bool
The value true to ignore corrupt DTLS records, or false to fail the connection.
Remarks
Called only once at the start of a connection and applies throughout.
Methods
AllowLegacyResumption()
public virtual bool AllowLegacyResumption()
Returns
Cancel()
public virtual void Cancel()
Exceptions
GetCipherSuites()
public abstract int[] GetCipherSuites()
Returns
- int[]
GetHandshakeResendTimeMillis()
public virtual int GetHandshakeResendTimeMillis()
Returns
GetHandshakeTimeoutMillis()
Specify the timeout, in milliseconds, to use for the complete handshake process.
public virtual int GetHandshakeTimeoutMillis()
Returns
- int
the handshake timeout, in milliseconds.
Remarks
NOTE: Currently only respected by DTLS protocols. Negative values are not allowed. A timeout of zero means an infinite timeout (i.e. the handshake will never time out).
GetHeartbeat()
Return a TlsHeartbeat instance that will control the generation of heartbeats locally (if permitted by the remote peer), or null to not generate heartbeats. Heartbeats are described in RFC 6520.
public virtual TlsHeartbeat GetHeartbeat()
Returns
- TlsHeartbeat
an instance of TlsHeartbeat.
- See Also
GetHeartbeatPolicy()
Return the heartbeat mode applicable to the remote peer. Heartbeats are described in RFC 6520.
public virtual short GetHeartbeatPolicy()
Returns
- short
the HeartbeatMode value.
Remarks
See enumeration class HeartbeatMode for appropriate return values.
GetKeyExchangeFactory()
public virtual TlsKeyExchangeFactory GetKeyExchangeFactory()
Returns
Exceptions
GetMaxCertificateChainLength()
public virtual int GetMaxCertificateChainLength()
Returns
GetMaxHandshakeMessageSize()
public virtual int GetMaxHandshakeMessageSize()
Returns
GetProtocolVersions()
public abstract ProtocolVersion[] GetProtocolVersions()
Returns
GetPskKeyExchangeModes()
public virtual short[] GetPskKeyExchangeModes()
Returns
- short[]
GetSupportedCipherSuites()
protected abstract int[] GetSupportedCipherSuites()
Returns
- int[]
GetSupportedVersions()
Get the ProtocolVersion values that are supported by this peer.
protected virtual ProtocolVersion[] GetSupportedVersions()
Returns
- ProtocolVersion[]
an array of supported ProtocolVersion values.
Remarks
WARNING: Mixing DTLS and TLS versions in the returned array is currently NOT supported. Use a separate (sub-)class for each case.
NotifyAlertRaised(short, short, string, Exception)
This method will be called when an alert is raised by the protocol.
public virtual void NotifyAlertRaised(short alertLevel, short alertDescription, string message, Exception cause)
Parameters
alertLevel short
alertDescription short
message string A human-readable message explaining what caused this alert. May be null.
cause Exception The Exception that caused this alert to be raised. May be null.
NotifyAlertReceived(short, short)
This method will be called when an alert is received from the remote peer.
public virtual void NotifyAlertReceived(short alertLevel, short alertDescription)
Parameters
NotifyCloseHandle(TlsCloseable)
public virtual void NotifyCloseHandle(TlsCloseable closeHandle)
Parameters
closeHandle TlsCloseable
NotifyConnectionClosed()
public virtual void NotifyConnectionClosed()
NotifyHandshakeBeginning()
public virtual void NotifyHandshakeBeginning()
Exceptions
NotifyHandshakeComplete()
public virtual void NotifyHandshakeComplete()
Exceptions
NotifySecureRenegotiation(bool)
public virtual void NotifySecureRenegotiation(bool secureRenegotiation)
Parameters
secureRenegotiation bool
Exceptions
RequiresCloseNotify()
public virtual bool RequiresCloseNotify()
Returns
Remarks
This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning false without a full understanding of the implications.
RequiresExtendedMasterSecret()
public virtual bool RequiresExtendedMasterSecret()
Returns
- bool
true if the handshake should be aborted when the peer does not negotiate the extended_master_secret extension, or false to support legacy interoperability.
Remarks
This implementation supports RFC 7627 and will always negotiate the extended_master_secret extension where possible. When connecting to a peer that does not offer/accept this extension, it is recommended to abort the handshake. This option is provided for interoperability with legacy peers, although some TLS features will be disabled in that case (see RFC 7627 5.4).
ShouldCheckSigAlgOfPeerCerts()
public virtual bool ShouldCheckSigAlgOfPeerCerts()
Returns
ShouldUseExtendedMasterSecret()
public virtual bool ShouldUseExtendedMasterSecret()
Returns
ShouldUseExtendedPadding()
See RFC 5246 6.2.3.2. Controls whether block cipher encryption may randomly add extra padding beyond the minimum.
public virtual bool ShouldUseExtendedPadding()
Returns
- bool
true if random extra padding should be added during block cipher encryption, or false to always use the minimum amount of required padding.
Remarks
Note that in configurations where this is known to be a potential security risk, this setting will be ignored (and extended padding disabled). Extra padding is always supported when decrypting received records.
ShouldUseGmtUnixTime()
draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on gmt_unix_time containing the current time, we recommend that implementors MAY provide the ability to set gmt_unix_time as an option only, off by default.".
public virtual bool ShouldUseGmtUnixTime()
Returns
- bool
true if the current time should be used in the gmt_unix_time field of Random, or false if gmt_unix_time should contain a cryptographically random value.
Remarks
NOTE: For a server that has negotiated TLS 1.3 (or later), or a client that has offered TLS 1.3 (or later), this is not called and gmt_unix_time is not used.
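The following is an added example, not code from the BouncyCastle project: a base class that pins the options recommended in the Remarks for RequiresCloseNotify(), RequiresExtendedMasterSecret() and ShouldUseGmtUnixTime(), sets a finite DTLS handshake timeout, and records alerts through the two Notify callbacks. The class name StrictTlsPeer, the Action<string> logging sink and the 15000 ms timeout are assumptions chosen for illustration.

```csharp
using System;
using Org.BouncyCastle.Tls;
using Org.BouncyCastle.Tls.Crypto;

// Hypothetical base class (name is an assumption). It stays abstract, so
// GetCipherSuites(), GetProtocolVersions() and GetSupportedCipherSuites()
// are still supplied by the concrete peer that derives from it.
public abstract class StrictTlsPeer : AbstractTlsPeer
{
    private readonly Action<string> m_log; // hypothetical logging sink

    protected StrictTlsPeer(TlsCrypto crypto, Action<string> log)
        : base(crypto)
    {
        m_log = log ?? throw new ArgumentNullException(nameof(log));
    }

    // Require close_notify at end of stream, so a truncated stream is not
    // mistaken for a clean close.
    public override bool RequiresCloseNotify() => true;

    // Abort the handshake when the peer does not negotiate
    // extended_master_secret (RFC 7627).
    public override bool RequiresExtendedMasterSecret() => true;

    // Fill gmt_unix_time with random bytes instead of the local clock.
    public override bool ShouldUseGmtUnixTime() => false;

    // DTLS only: bound the whole handshake; zero would mean no timeout.
    public override int GetHandshakeTimeoutMillis() => 15000; // assumed value

    public override void NotifyAlertRaised(short alertLevel, short alertDescription,
        string message, Exception cause)
    {
        // message and cause may both be null, so each is appended conditionally.
        m_log($"TLS alert raised: level={alertLevel} description={alertDescription}"
            + (message != null ? $" message=\"{message}\"" : "")
            + (cause != null ? $" cause={cause.GetType().Name}: {cause.Message}" : ""));
        base.NotifyAlertRaised(alertLevel, alertDescription, message, cause);
    }

    public override void NotifyAlertReceived(short alertLevel, short alertDescription)
    {
        m_log($"TLS alert received: level={alertLevel} description={alertDescription}");
        base.NotifyAlertReceived(alertLevel, alertDescription);
    }
}
```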