57 std::string_view str)
noexcept;
134 [[nodiscard]] std::string_view
profile_name()
const noexcept;
184 "TLS_AES_256_GCM_SHA384:"
185 "TLS_AES_128_GCM_SHA256:"
186 "TLS_CHACHA20_POLY1305_SHA256";
190 "TLS_AES_256_GCM_SHA384:"
191 "TLS_CHACHA20_POLY1305_SHA256";
195 "ECDHE-ECDSA-AES256-GCM-SHA384:"
196 "ECDHE-RSA-AES256-GCM-SHA384:"
197 "ECDHE-ECDSA-CHACHA20-POLY1305:"
198 "ECDHE-RSA-CHACHA20-POLY1305:"
199 "ECDHE-ECDSA-AES128-GCM-SHA256:"
200 "ECDHE-RSA-AES128-GCM-SHA256";
TLS security policy configuration.
static tls_policy bcp195_extended_profile()
Create an extended profile policy (TLS 1.3 only).
uint16_t min_protocol_version() const noexcept
bool is_version_allowed(uint16_t version) const noexcept
Check if a TLS version is allowed by this policy.
const cipher_suite_spec & cipher_suites() const noexcept
std::string_view profile_name() const noexcept
tls_policy(tls_profile prof, uint16_t min_ver, uint16_t max_ver, bool non_downgrade, cipher_suite_spec ciphers, certificate_constraints certs)
static constexpr uint16_t kTls13Version
std::string_view tls12_ciphersuites() const noexcept
Get the TLS 1.2 cipher suites string for OpenSSL.
static tls_policy bcp195_non_downgrading_profile()
Create a BCP 195 non-downgrading profile policy.
tls_profile profile() const noexcept
static constexpr std::string_view kTls13Required
TLS 1.3 required cipher suites (BCP 195)
certificate_constraints cert_constraints_
static constexpr std::string_view kTls12Recommended
TLS 1.2 BCP 195 recommended cipher suites.
const certificate_constraints & cert_constraints() const noexcept
static constexpr uint16_t kTls10Version
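OpenSSL TLS version constants for reference. The three profiles listed on this page require TLS 1.2 or later (the extended profile TLS 1.3 only), so the TLS 1.0 and TLS 1.1 values lie below every profile's documented minimum.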
bool non_downgrading() const noexcept
uint16_t max_protocol_version() const noexcept
std::string_view tls13_ciphersuites() const noexcept
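Get the TLS 1.3 cipher suites string for OpenSSL. OpenSSL configures TLS 1.3 suites separately from the TLS 1.2 cipher list (SSL_CTX_set_ciphersuites versus SSL_CTX_set_cipher_list), so a caller has to apply both strings for the policy to take full effect.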
static constexpr std::string_view kTls13Strict
TLS 1.3 strict cipher suites (extended profile)
bool is_rsa_key_acceptable(uint16_t bits) const noexcept
Check if an RSA key size meets minimum requirements.
static constexpr uint16_t kTls11Version
static constexpr uint16_t kTls12Version
cipher_suite_spec ciphers_
static tls_policy from_profile(tls_profile profile)
Create a policy from a named profile.
static tls_policy bcp195_basic_profile()
Create a BCP 195 basic profile policy.
bool is_ecdsa_key_acceptable(uint16_t bits) const noexcept
Check if an ECDSA curve size meets minimum requirements.
std::optional< tls_profile > parse_tls_profile(std::string_view str) noexcept
Parse TLS profile from string.
constexpr auto to_string(anonymization_profile profile) noexcept -> std::string_view
Convert profile enum to string representation.
tls_profile
TLS policy profile levels.
@ bcp195_basic
BCP 195 basic profile: TLS 1.2 minimum, standard cipher suites.
@ bcp195_non_downgrading
BCP 195 non-downgrading profile: TLS 1.2+ with no downgrade. This is the DICOM PS3....
@ bcp195_extended
Extended profile: TLS 1.3 only, strictest cipher suites.
std::vector< tls_profile > available_tls_profiles()
Get a list of all available TLS profiles.
Certificate validation constraints.
uint16_t min_rsa_key_bits
Minimum RSA key size in bits.
uint16_t min_ecdsa_curve_bits
Minimum ECDSA curve size in bits (P-256 = 256, P-384 = 384)
bool require_peer_verification
Require peer certificate verification.
uint8_t max_chain_depth
Maximum certificate chain depth.
TLS cipher suite specification.
std::string tls12_ciphers
TLS 1.2 cipher suites (OpenSSL cipher string format)
std::string tls13_ciphers
TLS 1.3 cipher suites (OpenSSL ciphersuites string format)