/* * Copyright (c) 2015 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ #pragma once namespace Swift { class TLSContext; class TLSOptions { public: TLSOptions() : schannelTLS1_0Workaround(false) { } /** * A bug in the Windows SChannel TLS stack, combined with * overly-restrictive server stacks means it's sometimes necessary to * not use TLS>1.0. This option has no effect unless compiled on * Windows against SChannel (OpenSSL users are unaffected). */ bool schannelTLS1_0Workaround; /** * OpenSSL configuration flags */ boost::optional workaroundMicrosoftSessID; boost::optional workaroundNetscapeChallenge; boost::optional workaroundNetscapeReuseCipherChange; boost::optional workaroundSSLRef2ReuseCertType; boost::optional workaroundMicrosoftBigSSLv3Buffer; boost::optional workaroundSSLeay080ClientDH; boost::optional workaroundTLSD5; boost::optional workaroundTLSBlockPadding; boost::optional workaroundDontInsertEmptyFragments; boost::optional workaroundAll; boost::optional suppressSSLv2; boost::optional suppressSSLv3; boost::optional suppressTLSv1; boost::optional disableTLSRollBackBug; boost::optional singleDHUse; /** * Other OpenSSL configuration items */ boost::optional cipherSuites; boost::optional context; boost::optional sessionCacheTimeout; boost::optional verifyDepth; enum class VerifyMode { None, Required, Optional }; boost::optional verifyMode; /** * Callback for certificate verification */ boost::optional> verifyCertificateCallback; }; }