diff options
author | Ingela Anderton Andin <[email protected]> | 2018-09-03 12:07:17 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-09-04 17:53:15 +0200 |
commit | f90d75a081f6d5a9a3cfe6f8d387abd7a1489aca (patch) | |
tree | 2bdffc3f9e857167f7bbea9f0a4791913932e038 /lib/ssl/src/ssl_cipher.erl | |
parent | f4dd73f0363f3ccf894f17274d5b0d6cdb89fced (diff) | |
download | otp-f90d75a081f6d5a9a3cfe6f8d387abd7a1489aca.tar.gz otp-f90d75a081f6d5a9a3cfe6f8d387abd7a1489aca.tar.bz2 otp-f90d75a081f6d5a9a3cfe6f8d387abd7a1489aca.zip |
ssl: Initial cipher suites adoption for TLS-1.3
This commit filters out cipher suites not to be used in TLS-1.3
We still need to add new cipher suites for TLS-1.3 and possible
add new information to the suite data structure.
Diffstat (limited to 'lib/ssl/src/ssl_cipher.erl')
-rw-r--r-- | lib/ssl/src/ssl_cipher.erl | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index 863e7e4b3d..00e0ff7986 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -301,8 +301,11 @@ suites({3, Minor}) -> suites({_, Minor}) -> dtls_v1:suites(Minor). -all_suites({3, 4}) -> - all_suites({3, 3}); +all_suites({3, 4} = Version) -> + Default = suites(Version), + Rest = ssl:filter_cipher_suites(chacha_suites(Version) ++ psk_suites(Version), + tls_v1:v1_3_filters()), + Default ++ Rest; all_suites({3, _} = Version) -> suites(Version) ++ chacha_suites(Version) @@ -340,6 +343,8 @@ anonymous_suites({3, N}) -> srp_suites_anon() ++ anonymous_suites(N); anonymous_suites({254, _} = Version) -> dtls_v1:anonymous_suites(Version); +anonymous_suites(4) -> + []; %% Raw public key negotiation may be used instead anonymous_suites(N) when N >= 3 -> psk_suites_anon(N) ++ @@ -374,6 +379,8 @@ anonymous_suites(N) when N == 0; %%-------------------------------------------------------------------- psk_suites({3, N}) -> psk_suites(N); +psk_suites(4) -> + []; %% TODO Add new PSK, PSK_(EC)DHE suites psk_suites(N) when N >= 3 -> [ |