Interface TlsPeer

Namespace

Org.BouncyCastle.Tls

Assembly

BouncyCastle.Cryptography.dll

Base interface for a (D)TLS endpoint.

public interface TlsPeer

Properties

Crypto

TlsCrypto Crypto { get; }

Property Value

TlsCrypto

IgnoreCorruptDtlsRecords

Indicates whether a DTLS connection should ignore corrupt records (bad_record_mac) instead of failing the connection.

bool IgnoreCorruptDtlsRecords { get; }

Property Value

bool

The value true to ignore corrupt DTLS records, or false to fail the connection.

Remarks

Called only once at the start of a connection and applies throughout.

Methods

AllowLegacyResumption()

bool AllowLegacyResumption()

Returns

bool

Cancel()

void Cancel()

Exceptions

IOException

GetCipherSuites()

int[] GetCipherSuites()

Returns

int[]

GetHandshakeTimeoutMillis()

Specify the timeout, in milliseconds, to use for the complete handshake process.

int GetHandshakeTimeoutMillis()

Returns

int

the handshake timeout, in milliseconds.

Remarks

NOTE: Currently only respected by DTLS protocols. Negative values are not allowed. A timeout of zero means an infinite timeout (i.e.the handshake will never time out).

GetHeartbeat()

Return a TlsHeartbeat instance that will control the generation of heartbeats locally (if permitted by the remote peer), or null to not generate heartbeats. Heartbeats are described in RFC 6520.

TlsHeartbeat GetHeartbeat()

Returns

TlsHeartbeat

an instance of TlsHeartbeat.

See Also

DefaultTlsHeartbeat

GetHeartbeatPolicy()

Return the heartbeat mode applicable to the remote peer. Heartbeats are described in RFC 6520.

short GetHeartbeatPolicy()

Returns

short

the HeartbeatMode value.

Remarks

See enumeration class HeartbeatMode for appropriate return values.

GetKeyExchangeFactory()

TlsKeyExchangeFactory GetKeyExchangeFactory()

Returns

TlsKeyExchangeFactory

Exceptions

IOException

GetMaxCertificateChainLength()

int GetMaxCertificateChainLength()

Returns

int

GetMaxHandshakeMessageSize()

int GetMaxHandshakeMessageSize()

Returns

int

GetProtocolVersions()

ProtocolVersion[] GetProtocolVersions()

Returns

ProtocolVersion[]

GetPskKeyExchangeModes()

short[] GetPskKeyExchangeModes()

Returns

short[]

NotifyAlertRaised(short, short, string, Exception)

This method will be called when an alert is raised by the protocol.

void NotifyAlertRaised(short alertLevel, short alertDescription, string message, Exception cause)

Parameters

alertLevel short

AlertLevel

alertDescription short

AlertDescription

message string

A human-readable message explaining what caused this alert. May be null.

cause Exception

The Exception that caused this alert to be raised. May be null.

NotifyAlertReceived(short, short)

This method will be called when an alert is received from the remote peer.

void NotifyAlertReceived(short alertLevel, short alertDescription)

Parameters

alertLevel short

AlertLevel

alertDescription short

AlertDescription

NotifyCloseHandle(TlsCloseable)

void NotifyCloseHandle(TlsCloseable closehandle)

Parameters

closehandle TlsCloseable

NotifyHandshakeBeginning()

Notifies the peer that a new handshake is about to begin.

void NotifyHandshakeBeginning()

Exceptions

IOException

NotifyHandshakeComplete()

Notifies the peer that the handshake has been successfully completed.

void NotifyHandshakeComplete()

Exceptions

IOException

NotifySecureRenegotiation(bool)

RFC 5746 3.4/3.6. In case this is false, peers may want to terminate the handshake instead of continuing; see Section 4.1/4.3 for discussion.

void NotifySecureRenegotiation(bool secureRenegotiation)

Parameters

secureRenegotiation bool

Remarks

NOTE: TLS 1.3 forbids renegotiation, so this is never called when TLS 1.3 (or later) was negotiated.

Exceptions

IOException

RequiresCloseNotify()

bool RequiresCloseNotify()

Returns

bool

Remarks

This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning false without a full understanding of the implications.

RequiresExtendedMasterSecret()

bool RequiresExtendedMasterSecret()

Returns

bool

true if the handshake should be aborted when the peer does not negotiate the extended_master_secret extension, or false to support legacy interoperability.

Remarks

This implementation supports RFC 7627 and will always negotiate the extended_master_secret extension where possible. When connecting to a peer that does not offer/accept this extension, it is recommended to abort the handshake.This option is provided for interoperability with legacy peers, although some TLS features will be disabled in that case (see RFC 7627 5.4).

ShouldUseExtendedMasterSecret()

bool ShouldUseExtendedMasterSecret()

Returns

bool

ShouldUseExtendedPadding()

See RFC 5246 6.2.3.2. Controls whether block cipher encryption may randomly add extra padding beyond the minimum.

bool ShouldUseExtendedPadding()

Returns

bool

true if random extra padding should be added during block cipher encryption, or false to always use the minimum amount of required padding.

Remarks

Note that in configurations where this is known to be potential security risk this setting will be ignored (and extended padding disabled). Extra padding is always supported when decrypting received records.

ShouldUseGmtUnixTime()

draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on gmt_unix_time containing the current time, we recommend that implementors MAY provide the ability to set gmt_unix_time as an option only, off by default.".

bool ShouldUseGmtUnixTime()

Returns

bool

true if the current time should be used in the gmt_unix_time field of Random, or false if gmt_unix_time should contain a cryptographically random value.

Remarks

NOTE: For a server that has negotiated TLS 1.3 (or later), or a client that has offered TLS 1.3 (or later), this is not called and gmt_unix_time is not used.