diff options
author | Péter Dimitrov <[email protected]> | 2018-11-06 10:54:38 +0100 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2018-11-16 14:32:14 +0100 |
commit | 7b4d38c6cc95df1301945cd0e63fdf927189e2c1 (patch) | |
tree | f40ebe3ed077e5a887d71f019c292403b395dcd9 /lib/ssl/src/ssl.erl | |
parent | a1a627f6099fae6e2eeb28feb5b4b316fa1b11c9 (diff) | |
download | otp-7b4d38c6cc95df1301945cd0e63fdf927189e2c1.tar.gz otp-7b4d38c6cc95df1301945cd0e63fdf927189e2c1.tar.bz2 otp-7b4d38c6cc95df1301945cd0e63fdf927189e2c1.zip |
ssl: Change defaults for "supported_groups"
Removed strongest Diffie-Hellman groups from defaults (ffdhe3072,
ffdhe4096, ffdhe6144, ffdhe8192) in order to reduce the time spent
with calculating the keys for the key_share extension.
Change-Id: I1cc1914ea4c5093f694989b0153c1bd1c8840eef
Diffstat (limited to 'lib/ssl/src/ssl.erl')
-rw-r--r-- | lib/ssl/src/ssl.erl | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 524f06d52e..df5628b236 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -51,7 +51,7 @@ %% SSL/TLS protocol handling -export([cipher_suites/0, cipher_suites/1, cipher_suites/2, filter_cipher_suites/2, prepend_cipher_suites/2, append_cipher_suites/2, - eccs/0, eccs/1, versions/0, groups/0, + eccs/0, eccs/1, versions/0, groups/0, groups/1, format_error/1, renegotiate/1, prf/5, negotiated_protocol/1, connection_information/1, connection_information/2]). %% Misc @@ -585,6 +585,13 @@ groups() -> tls_v1:groups(4). %%-------------------------------------------------------------------- +-spec groups(default) -> tls_v1:supported_groups(). +%% Description: returns the default groups (TLS 1.3 and later) +%%-------------------------------------------------------------------- +groups(default) -> + tls_v1:default_groups(4). + +%%-------------------------------------------------------------------- -spec getopts(#sslsocket{}, [gen_tcp:option_name()]) -> {ok, [gen_tcp:option()]} | {error, reason()}. %% @@ -988,7 +995,7 @@ handle_options(Opts0, Role, Host) -> eccs = handle_eccs_option(proplists:get_value(eccs, Opts, eccs()), HighestVersion), supported_groups = handle_supported_groups_option( - proplists:get_value(supported_groups, Opts, groups()), + proplists:get_value(supported_groups, Opts, groups(default)), HighestVersion), signature_algs = handle_hashsigns_option( |