aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl.erl
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2018-07-20 15:40:59 +0200
committerPéter Dimitrov <[email protected]>2018-07-20 15:40:59 +0200
commitc814c388d5c45c8d70426389e702426424086eca (patch)
treea9d088ca9b56bb10b1118486f299dd985e3f3a36 /lib/ssl/src/ssl.erl
parent78f5b89a9aab785841157457a0528f8781353862 (diff)
parent84a4a9b5b14b5b035e1b8e2699203015f4df16d4 (diff)
downloadotp-c814c388d5c45c8d70426389e702426424086eca.tar.gz
otp-c814c388d5c45c8d70426389e702426424086eca.tar.bz2
otp-c814c388d5c45c8d70426389e702426424086eca.zip
Merge branch 'peterdmv/ssl/version_extension_updates/OTP-15059'
* peterdmv/ssl/version_extension_updates/OTP-15059: ssl: Fix handling of TLS record versions ssl: Update hello state (TLS 1.3) ssl: Implement 'supported_versions' extension ssl: Sort supported versions in handle_options ssl: Add experimental version 'tlsv1.3' Change-Id: I071d24242103cc066c5ee8154effc5ee01b04703
Diffstat (limited to 'lib/ssl/src/ssl.erl')
-rw-r--r--lib/ssl/src/ssl.erl20
1 files changed, 12 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index c7f1f36d5d..09953908ce 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -887,9 +887,10 @@ handle_options(Opts0, #ssl_options{protocol = Protocol, cacerts = CaCerts0,
[] ->
new_ssl_options(SslOpts1, NewVerifyOpts, RecordCB);
Value ->
- Versions = [RecordCB:protocol_version(Vsn) || Vsn <- Value],
+ Versions0 = [RecordCB:protocol_version(Vsn) || Vsn <- Value],
+ Versions1 = lists:sort(fun RecordCB:is_higher/2, Versions0),
new_ssl_options(proplists:delete(versions, SslOpts1),
- NewVerifyOpts#ssl_options{versions = Versions}, record_cb(Protocol))
+ NewVerifyOpts#ssl_options{versions = Versions1}, record_cb(Protocol))
end;
%% Handle all options in listen and connect
@@ -912,7 +913,8 @@ handle_options(Opts0, Role, Host) ->
[] ->
RecordCb:supported_protocol_versions();
Vsns ->
- [RecordCb:protocol_version(Vsn) || Vsn <- Vsns]
+ Versions0 = [RecordCb:protocol_version(Vsn) || Vsn <- Vsns],
+ lists:sort(fun RecordCb:is_higher/2, Versions0)
end,
Protocol = handle_option(protocol, Opts, tls),
@@ -1311,7 +1313,8 @@ validate_binary_list(Opt, List) ->
end, List).
validate_versions([], Versions) ->
Versions;
-validate_versions([Version | Rest], Versions) when Version == 'tlsv1.2';
+validate_versions([Version | Rest], Versions) when Version == 'tlsv1.3';
+ Version == 'tlsv1.2';
Version == 'tlsv1.1';
Version == tlsv1;
Version == sslv3 ->
@@ -1324,10 +1327,11 @@ validate_versions([Ver| _], Versions) ->
tls_validate_versions([], Versions) ->
Versions;
-tls_validate_versions([Version | Rest], Versions) when Version == 'tlsv1.2';
- Version == 'tlsv1.1';
- Version == tlsv1;
- Version == sslv3 ->
+tls_validate_versions([Version | Rest], Versions) when Version == 'tlsv1.3';
+ Version == 'tlsv1.2';
+ Version == 'tlsv1.1';
+ Version == tlsv1;
+ Version == sslv3 ->
tls_validate_versions(Rest, Versions);
tls_validate_versions([Ver| _], Versions) ->
throw({error, {options, {Ver, {versions, Versions}}}}).
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-01 14:17:33 +0000