+@handmessages = (
+ [TLSProxy::Message::MT_CLIENT_HELLO,
+ checkhandshake::ALL_HANDSHAKES],
+ [TLSProxy::Message::MT_SERVER_HELLO,
+ checkhandshake::ALL_HANDSHAKES],
+ [TLSProxy::Message::MT_CERTIFICATE,
+ checkhandshake::ALL_HANDSHAKES
+ & ~checkhandshake::RESUME_HANDSHAKE],
+ (disabled("ec") ? () :
+ [TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
+ checkhandshake::EC_HANDSHAKE]),
+ [TLSProxy::Message::MT_CERTIFICATE_STATUS,
+ checkhandshake::OCSP_HANDSHAKE],
+ #ServerKeyExchange handshakes not currently supported by TLSProxy
+ [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
+ checkhandshake::CLIENT_AUTH_HANDSHAKE],
+ [TLSProxy::Message::MT_SERVER_HELLO_DONE,
+ checkhandshake::ALL_HANDSHAKES
+ & ~checkhandshake::RESUME_HANDSHAKE],
+ [TLSProxy::Message::MT_CERTIFICATE,
+ checkhandshake::CLIENT_AUTH_HANDSHAKE],
+ [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE,
+ checkhandshake::ALL_HANDSHAKES
+ & ~checkhandshake::RESUME_HANDSHAKE],
+ [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
+ checkhandshake::CLIENT_AUTH_HANDSHAKE],
+ [TLSProxy::Message::MT_NEXT_PROTO,
+ checkhandshake::NPN_HANDSHAKE],
+ [TLSProxy::Message::MT_FINISHED,
+ checkhandshake::ALL_HANDSHAKES],
+ [TLSProxy::Message::MT_NEW_SESSION_TICKET,
+ checkhandshake::ALL_HANDSHAKES
+ & ~checkhandshake::RESUME_HANDSHAKE],
+ [TLSProxy::Message::MT_FINISHED,
+ checkhandshake::ALL_HANDSHAKES],
+ [TLSProxy::Message::MT_CLIENT_HELLO,
+ checkhandshake::RENEG_HANDSHAKE],
+ [TLSProxy::Message::MT_SERVER_HELLO,
+ checkhandshake::RENEG_HANDSHAKE],
+ [TLSProxy::Message::MT_CERTIFICATE,
+ checkhandshake::RENEG_HANDSHAKE],
+ [TLSProxy::Message::MT_SERVER_HELLO_DONE,
+ checkhandshake::RENEG_HANDSHAKE],
+ [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE,
+ checkhandshake::RENEG_HANDSHAKE],
+ [TLSProxy::Message::MT_FINISHED,
+ checkhandshake::RENEG_HANDSHAKE],
+ [TLSProxy::Message::MT_NEW_SESSION_TICKET,
+ checkhandshake::RENEG_HANDSHAKE],
+ [TLSProxy::Message::MT_FINISHED,
+ checkhandshake::RENEG_HANDSHAKE],
+ [0, 0]
+);
+
+@extensions = (
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ checkhandshake::SERVER_NAME_CLI_EXTENSION],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
+ (disabled("ec") ? () :
+ [TLSProxy::Message::MT_CLIENT_HELLO,
+ TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ checkhandshake::DEFAULT_EXTENSIONS]),
+ (disabled("ec") ? () :
+ [TLSProxy::Message::MT_CLIENT_HELLO,
+ TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ checkhandshake::DEFAULT_EXTENSIONS]),
+ (disabled("tls1_2") ? () :
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ checkhandshake::DEFAULT_EXTENSIONS]),
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ checkhandshake::ALPN_CLI_EXTENSION],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ checkhandshake::SCT_CLI_EXTENSION],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ checkhandshake::DEFAULT_EXTENSIONS],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ checkhandshake::DEFAULT_EXTENSIONS],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ checkhandshake::DEFAULT_EXTENSIONS],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ checkhandshake::RENEGOTIATE_CLI_EXTENSION],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN,
+ checkhandshake::NPN_CLI_EXTENSION],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP,
+ checkhandshake::SRP_CLI_EXTENSION],
+
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ checkhandshake::DEFAULT_EXTENSIONS],
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ checkhandshake::DEFAULT_EXTENSIONS],
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ checkhandshake::DEFAULT_EXTENSIONS],
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ checkhandshake::SESSION_TICKET_SRV_EXTENSION],
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ checkhandshake::SERVER_NAME_SRV_EXTENSION],
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN,
+ checkhandshake::ALPN_SRV_EXTENSION],
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT,
+ checkhandshake::SCT_SRV_EXTENSION],
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,
+ checkhandshake::NPN_SRV_EXTENSION],
+ [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION],
+ [0,0,0]
+);