author | Péter Dimitrov <[email protected]> | 2018-07-20 15:40:59 +0200 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2018-07-20 15:40:59 +0200 |
commit | c814c388d5c45c8d70426389e702426424086eca (patch) | |
tree | a9d088ca9b56bb10b1118486f299dd985e3f3a36 /lib/ssl/src/ssl.erl | |
parent | 78f5b89a9aab785841157457a0528f8781353862 (diff) | |
parent | 84a4a9b5b14b5b035e1b8e2699203015f4df16d4 (diff) | |
Merge branch 'peterdmv/ssl/version_extension_updates/OTP-15059'
* peterdmv/ssl/version_extension_updates/OTP-15059:
ssl: Fix handling of TLS record versions
ssl: Update hello state (TLS 1.3)
ssl: Implement 'supported_versions' extension
ssl: Sort supported versions in handle_options
ssl: Add experimental version 'tlsv1.3'
Change-Id: I071d24242103cc066c5ee8154effc5ee01b04703
Diffstat (limited to 'lib/ssl/src/ssl.erl')
-rw-r--r-- | lib/ssl/src/ssl.erl | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index c7f1f36d5d..09953908ce 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -887,9 +887,10 @@ handle_options(Opts0, #ssl_options{protocol = Protocol, cacerts = CaCerts0,
 [] ->
 new_ssl_options(SslOpts1, NewVerifyOpts, RecordCB);
 Value ->
- Versions = [RecordCB:protocol_version(Vsn) || Vsn <- Value],
+ Versions0 = [RecordCB:protocol_version(Vsn) || Vsn <- Value],
+ Versions1 = lists:sort(fun RecordCB:is_higher/2, Versions0),
 new_ssl_options(proplists:delete(versions, SslOpts1),
- NewVerifyOpts#ssl_options{versions = Versions}, record_cb(Protocol))
+ NewVerifyOpts#ssl_options{versions = Versions1}, record_cb(Protocol))
 end;
 
 %% Handle all options in listen and connect
@@ -912,7 +913,8 @@ handle_options(Opts0, Role, Host) ->
 [] ->
 RecordCb:supported_protocol_versions();
 Vsns ->
- [RecordCb:protocol_version(Vsn) || Vsn <- Vsns]
+ Versions0 = [RecordCb:protocol_version(Vsn) || Vsn <- Vsns],
+ lists:sort(fun RecordCb:is_higher/2, Versions0)
 end,
 
 Protocol = handle_option(protocol, Opts, tls),
@@ -1311,7 +1313,8 @@ validate_binary_list(Opt, List) ->
 end, List).
 validate_versions([], Versions) ->
 Versions;
-validate_versions([Version | Rest], Versions) when Version == 'tlsv1.2';
+validate_versions([Version | Rest], Versions) when Version == 'tlsv1.3';
+ Version == 'tlsv1.2';
 Version == 'tlsv1.1';
 Version == tlsv1;
 Version == sslv3 ->
@@ -1324,10 +1327,11 @@ validate_versions([Ver| _], Versions) ->
 
 tls_validate_versions([], Versions) ->
 Versions;
-tls_validate_versions([Version | Rest], Versions) when Version == 'tlsv1.2';
- Version == 'tlsv1.1';
- Version == tlsv1;
- Version == sslv3 ->
+tls_validate_versions([Version | Rest], Versions) when Version == 'tlsv1.3';
+ Version == 'tlsv1.2';
+ Version == 'tlsv1.1';
+ Version == tlsv1;
+ Version == sslv3 ->
 tls_validate_versions(Rest, Versions);
 tls_validate_versions([Ver| _], Versions) ->
 throw({error, {options, {Ver, {versions, Versions}}}}).
|
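Review bot: The `lists:sort/2` added in the inherited-options clause of `handle_options`, and again in the `handle_options/3` hunk after it, discards the order in which the caller listed `versions`, and nothing next to the call says that this is intended. A one-line comment on the sort would record it, for example `%% Highest version first; the order given in the versions option is not kept.` The expression is the same in both places apart from the variable spelling (`RecordCB` / `RecordCb`), so a small private helper taking the callback module and the list would keep the two clauses from drifting apart. In the first hunk the rewritten call still passes `record_cb(Protocol)` while the sort one line earlier uses `RecordCB`; the `[] ->` branch passes `RecordCB`, so presumably the variable can be used in both. Both function bodies start and end outside the hunks, so the binding of `RecordCB` / `RecordCb` is not visible here.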
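Review bot: The guards in `validate_versions` and, in the following hunk, `tls_validate_versions` now accept `'tlsv1.3'` with no marker that the commit message calls this version experimental, so `{versions, ['tlsv1.3']}` passes option validation exactly like a released version. A comment above the first clause would record that, e.g. `%% 'tlsv1.3' is experimental (OTP-15059).` The two guards repeat the same five atoms; a shared guard macro would keep them identical the next time a version is added or retired. Validation is still per element, so a list that skips a version (for instance `'tlsv1.3'` together with `'tlsv1.1'` but without `'tlsv1.2'`) is accepted; whether the negotiation code copes with such gaps is not visible in this diff and is worth confirming before the version stops being experimental. The body of the changed `validate_versions` clause lies outside the hunk.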