ssl: Only send ECC-hello extension if ECC-cipher suites are advertised

author: Ingela Anderton Andin <[email protected]> 2013-05-06 08:49:20 +0200
committer: Ingela Anderton Andin <[email protected]> 2013-05-08 10:39:22 +0200
commit: c5ae65889fc0dbaf12bbcabc93410245bbc11cc1 (patch)
tree: 5934590f200e7c2fa72586a91b6bc054bd9c3ff6 /lib/ssl/src/ssl_cipher.erl
parent: 01f5de8764b200bdd0d5e4ff69fba4523b3c2c7c (diff)
download: otp-c5ae65889fc0dbaf12bbcabc93410245bbc11cc1.tar.gz
otp-c5ae65889fc0dbaf12bbcabc93410245bbc11cc1.tar.bz2
otp-c5ae65889fc0dbaf12bbcabc93410245bbc11cc1.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index accea63344..dc413d6dfc 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -278,6 +278,11 @@ srp_suites() ->
 %% TLS v1.1 suites
 suite_definition(?TLS_NULL_WITH_NULL_NULL) ->
     {null, null, null, null};
+%% RFC 5746 - Not a real cipher suite used to signal empty "renegotiation_info" extension
+%% to avoid handshake failure from old servers that do not ignore
+%% hello extension data as they should.
+suite_definition(?TLS_EMPTY_RENEGOTIATION_INFO_SCSV) ->
+    {null, null, null, null};
 %% suite_definition(?TLS_RSA_WITH_NULL_MD5) ->
 %%     {rsa, null, md5, default_prf};
 %% suite_definition(?TLS_RSA_WITH_NULL_SHA) ->
author	Ingela Anderton Andin <[email protected]>	2013-05-06 08:49:20 +0200
committer	Ingela Anderton Andin <[email protected]>	2013-05-08 10:39:22 +0200
commit	c5ae65889fc0dbaf12bbcabc93410245bbc11cc1 (patch)
tree	5934590f200e7c2fa72586a91b6bc054bd9c3ff6 /lib/ssl/src/ssl_cipher.erl
parent	01f5de8764b200bdd0d5e4ff69fba4523b3c2c7c (diff)
download	otp-c5ae65889fc0dbaf12bbcabc93410245bbc11cc1.tar.gz otp-c5ae65889fc0dbaf12bbcabc93410245bbc11cc1.tar.bz2 otp-c5ae65889fc0dbaf12bbcabc93410245bbc11cc1.zip