authorPéter Dimitrov <[email protected]>2018-12-10 11:04:33 +0100
committerPéter Dimitrov <[email protected]>2019-01-11 09:59:12 +0100
commitd05f164c072728a3ccb68fbc0f844d65bb2996d0 (patch)
treeaf5081ec59a032a8419fe9fbc168fd68f6fe6223
parent8d7c2c33b3cdc978ec32ad503242c352c0e46690 (diff)
ssl: Reorder default signature schemes
Change-Id: I54ef4f946c64510ca6df073aefc30c0b28723b3b
-rw-r--r--lib/ssl/src/tls_v1.erl31
1 files changed, 19 insertions, 12 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 5e3140114d..737ecadab4 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -575,22 +575,29 @@ signature_schemes(_, _) ->
default_signature_schemes(Version) ->
Default = [
- rsa_pkcs1_sha256,
- rsa_pkcs1_sha384,
- rsa_pkcs1_sha512,
- ecdsa_secp256r1_sha256,
- ecdsa_secp384r1_sha384,
ecdsa_secp521r1_sha512,
- rsa_pss_rsae_sha256,
- rsa_pss_rsae_sha384,
+ ecdsa_secp384r1_sha384,
+ ecdsa_secp256r1_sha256,
+ rsa_pss_pss_sha512,
+ rsa_pss_pss_sha384,
+ rsa_pss_pss_sha256,
rsa_pss_rsae_sha512,
+ rsa_pss_rsae_sha384,
+ rsa_pss_rsae_sha256,
%% ed25519,
%% ed448,
- rsa_pss_pss_sha256,
- rsa_pss_pss_sha384,
- rsa_pss_pss_sha512,
- rsa_pkcs1_sha1,
- ecdsa_sha1
+
+ %% These values refer solely to signatures
+ %% which appear in certificates (see Section 4.4.2.2) and are not
+ %% defined for use in signed TLS handshake messages, although they
+ %% MAY appear in "signature_algorithms" and
+ %% "signature_algorithms_cert" for backward compatibility with
+ %% TLS 1.2.
+ rsa_pkcs1_sha512,
+ rsa_pkcs1_sha384,
+ rsa_pkcs1_sha256,
+ ecdsa_sha1,
+ rsa_pkcs1_sha1
],
signature_schemes(Version, Default).
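Review bot: The comment added above `rsa_pkcs1_sha512` cites "Section 4.4.2.2" without naming the document, and it covers `ecdsa_sha1` and `rsa_pkcs1_sha1` only implicitly although those two are the weakest entries in the list. I would open the comment with `%% RFC 8446, Section 4.2.3:` (the wording looks like a quotation from the TLS 1.3 specification, which is inferred, not stated in the hunk) and put a separate line above the SHA-1 pair, e.g. `%% Legacy SHA-1 schemes: kept only for TLS 1.2 compatibility, must stay last (lowest priority).`. A one-line comment on `Default` saying that the list is in preference order, strongest first, would keep a later edit from reordering it or moving the SHA-1 entries up. Whether `signature_schemes/2` filters any of these entries per version is not visible in this hunk, so the SHA-1 comment should describe the default list only, not what ends up being offered.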