authorAndreas Schultz <[email protected]>2012-04-08 03:55:39 +0200
committerIngela Anderton Andin <[email protected]>2012-08-22 14:00:45 +0200
commit263e1ab8a7e1a36481b4526bdb933e0fa2998953 (patch)
tree00e300dd0ee3e35db703d6a7cfc5889668bdaa5c
parentc2761da0b7d764ca2862a4ea138cfe8a95f96c59 (diff)
downloadotp-263e1ab8a7e1a36481b4526bdb933e0fa2998953.tar.gz
otp-263e1ab8a7e1a36481b4526bdb933e0fa2998953.tar.bz2
otp-263e1ab8a7e1a36481b4526bdb933e0fa2998953.zip
ssl: Enable TLS 1.2
-rw-r--r--lib/ssl/src/ssl.erl3
-rw-r--r--lib/ssl/src/ssl_internal.hrl8
-rw-r--r--lib/ssl/src/ssl_record.erl4
3 files changed, 10 insertions, 5 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index d645d89a68..5bd382b8c4 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -719,7 +719,8 @@ validate_option(Opt, Value) ->
validate_versions([], Versions) ->
Versions;
-validate_versions([Version | Rest], Versions) when Version == 'tlsv1.1';
+validate_versions([Version | Rest], Versions) when Version == 'tlsv1.2';
+ Version == 'tlsv1.1';
Version == tlsv1;
Version == sslv3 ->
validate_versions(Rest, Versions);
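Review bot: The guard on validate_versions/2 compares atoms with `==`, where `=:=` is the exact-match operator and states the intent better, e.g. `when Version =:= 'tlsv1.2'; Version =:= 'tlsv1.1'; ...`. The accepted set is now spelled out in three places: this guard, tls_atom_version() in ssl_internal.hrl, and protocol_version/1 in ssl_record.erl. A one-line comment such as `%% Keep in sync with tls_atom_version() and ssl_record:protocol_version/1` would help the next version bump. The clause that handles unknown atoms lies outside this hunk.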
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 18cfcdcd68..87f85c5775 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -34,7 +34,7 @@
-type host() :: inet:ip_address() | inet:hostname().
-type session_id() :: 0 | binary().
-type tls_version() :: {integer(), integer()}.
--type tls_atom_version() :: sslv3 | tlsv1.
+-type tls_atom_version() :: sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2'.
-type certdb_ref() :: reference().
-type db_handle() :: term().
-type key_algo() :: null | rsa | dhe_rsa | dhe_dss | dh_anon.
@@ -69,11 +69,11 @@
-define(TRUE, 0).
-define(FALSE, 1).
--define(DEFAULT_SUPPORTED_VERSIONS, [tlsv1, sslv3]). % TODO: This is temporary
-%-define(DEFAULT_SUPPORTED_VERSIONS, ['tlsv1.1', tlsv1, sslv3]).
+-define(DEFAULT_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]). % TODO: This is temporary
+%-define(DEFAULT_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]).
-record(ssl_options, {
- versions, % 'tlsv1.1' | tlsv1 | sslv3
+ versions, % 'tlsv1.2' | 'tlsv1.1' | tlsv1 | sslv3
verify, % verify_none | verify_peer
verify_fun, % fun(CertVerifyErrors) -> boolean()
fail_if_no_peer_cert, % boolean()
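Review bot: The active `?DEFAULT_SUPPORTED_VERSIONS` define and the commented-out line below it are now identical, so the `% TODO: This is temporary` marker and the dead line no longer say what is temporary; I would drop both. The new default turns on 'tlsv1.2' and 'tlsv1.1' for every caller that does not pass `versions`, yet the diffstat lists only files under lib/ssl/src, so no test change accompanies the switch in this commit. sslv3 stays in the default list, so deployments that need a minimum protocol version still have to set `versions` explicitly. A short comment on the define saying so would make that visible, e.g. `% Default offer; callers restrict it via the versions option`.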
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index 4cf962c9ea..3bfcff5517 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -383,6 +383,8 @@ get_tls_records_aux(Data, Acc) ->
%% Description: Creates a protocol version record from a version atom
%% or vice versa.
%%--------------------------------------------------------------------
+protocol_version('tlsv1.2') ->
+ {3, 3};
protocol_version('tlsv1.1') ->
{3, 2};
protocol_version(tlsv1) ->
@@ -391,6 +393,8 @@ protocol_version(sslv3) ->
{3, 0};
protocol_version(sslv2) -> %% Backwards compatibility
{2, 0};
+protocol_version({3, 3}) ->
+ 'tlsv1.2';
protocol_version({3, 2}) ->
'tlsv1.1';
protocol_version({3, 1}) ->
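Review bot: The tuple-to-atom clauses added here stop at `{3, 3}` and no clause for a higher minor version is visible, so a call with e.g. `{3, 4}` would raise function_clause unless a clause outside the hunk handles it. If this function can be reached with a version taken from a peer's hello, confirm that the value is clamped to a supported version first. A comment above the clauses, such as `%% Callers must pass an already-negotiated version; unknown tuples raise function_clause`, would record the contract. Separately, tls_atom_version() as changed in ssl_internal.hrl does not list sslv2 although `protocol_version(sslv2)` is kept here, so a spec written against that type would not cover this clause. The function's remaining clauses lie outside the hunk.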