Use TLS 1.2 only for now

author: Loïc Hoguin <[email protected]> 2020-03-23 11:34:45 +0100
committer: Loïc Hoguin <[email protected]> 2020-03-23 11:34:45 +0100
commit: d7cc40e27d1fc01f0aa33381415f7aad8573699f (patch)
tree: 0d8008f88ba7c2368775671371673232dc4a865e
parent: 19f88aee83a3cb3e6ff26ecaa30a9629052b29d3 (diff)
download: ct_helper-d7cc40e27d1fc01f0aa33381415f7aad8573699f.tar.gz
ct_helper-d7cc40e27d1fc01f0aa33381415f7aad8573699f.tar.bz2
ct_helper-d7cc40e27d1fc01f0aa33381415f7aad8573699f.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/src/ct_helper.erl b/src/ct_helper.erl
index bc0624a..d96385b 100644
--- a/src/ct_helper.erl
+++ b/src/ct_helper.erl
@@ -210,7 +210,7 @@ make_certs() ->
 %% They have no effect otherwise.
 
 make_certs_in_ets() ->
-	{CaCert, Cert, Key} = ct_helper:make_certs(),
+	{CaCert, Cert, Key} = make_certs(),
 	VerifyFun = fun
 		(_, {bad_cert, _}, UserState) ->
 			{valid, UserState};
@@ -225,7 +225,12 @@ make_certs_in_ets() ->
 	end,
 	CertOpts = [
 		{cert, Cert}, {key, Key}, {cacerts, [CaCert]},
-		{verify, verify_peer}, {verify_fun, {VerifyFun, []}}
+		{verify, verify_peer}, {verify_fun, {VerifyFun, []}},
+		%% We stick to TLS 1.2 because our certificates are not
+		%% secure enough for use with TLS 1.3. This can be resolved
+		%% when we no longer depend on erl_make_certs for generating
+		%% them.
+		{versions, ['tlsv1.2']}
 	],
 	Pid = spawn(fun() -> receive after infinity -> ok end end),
 	?MODULE = ets:new(?MODULE, [ordered_set, public, named_table,
author	Loïc Hoguin <[email protected]>	2020-03-23 11:34:45 +0100
committer	Loïc Hoguin <[email protected]>	2020-03-23 11:34:45 +0100
commit	d7cc40e27d1fc01f0aa33381415f7aad8573699f (patch)
tree	0d8008f88ba7c2368775671371673232dc4a865e
parent	19f88aee83a3cb3e6ff26ecaa30a9629052b29d3 (diff)
download	ct_helper-d7cc40e27d1fc01f0aa33381415f7aad8573699f.tar.gz ct_helper-d7cc40e27d1fc01f0aa33381415f7aad8573699f.tar.bz2 ct_helper-d7cc40e27d1fc01f0aa33381415f7aad8573699f.zip