diff options
author | Ingela Anderton Andin <[email protected]> | 2016-02-05 17:39:04 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2016-04-06 11:43:18 +0200 |
commit | 04397344762d506ac0286118d36e1a5b330dceb2 (patch) | |
tree | 67882f128c586cf94d1161d36b303a3d39fd5921 /lib/ssl/src/ssl_cipher.erl | |
parent | afe72bfc1448ff426c38eceb7412f69e973aef62 (diff) | |
download | otp-04397344762d506ac0286118d36e1a5b330dceb2.tar.gz otp-04397344762d506ac0286118d36e1a5b330dceb2.tar.bz2 otp-04397344762d506ac0286118d36e1a5b330dceb2.zip |
ssl: Add option signature_algs
In TLS-1.2 The signature algorithm and the hash function algorithm
used to produce the digest that is used when creating the digital signature
may be negotiated through the signature algorithm extension RFC 5246.
We want to make these algorithm pairs configurable.
In connections using lower versions of TLS these algorithms are
implicit defined and can not be negotiated or configured.
DTLS is updated to not cause dialyzer errors, but needs to get a real
implementation later.
Diffstat (limited to 'lib/ssl/src/ssl_cipher.erl')
-rw-r--r-- | lib/ssl/src/ssl_cipher.erl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index 974a6ec6b5..bef04c574f 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -43,11 +43,12 @@ -export_type([cipher_suite/0, erl_cipher_suite/0, openssl_cipher_suite/0, - key_algo/0]). + hash/0, key_algo/0, sign_algo/0]). -type cipher() :: null |rc4_128 | idea_cbc | des40_cbc | des_cbc | '3des_ede_cbc' | aes_128_cbc | aes_256_cbc | aes_128_gcm | aes_256_gcm | chacha20_poly1305. -type hash() :: null | sha | md5 | sha224 | sha256 | sha384 | sha512. +-type sign_algo() :: rsa | dsa | ecdsa. -type key_algo() :: null | rsa | dhe_rsa | dhe_dss | ecdhe_ecdsa| ecdh_ecdsa | ecdh_rsa| srp_rsa| srp_dss | psk | dhe_psk | rsa_psk | dh_anon | ecdh_anon | srp_anon. -type erl_cipher_suite() :: {key_algo(), cipher(), hash()} % Pre TLS 1.2 %% TLS 1.2, internally PRE TLS 1.2 will use default_prf |