diff options
author | Ingela Anderton Andin <[email protected]> | 2018-04-30 07:45:25 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-04-30 07:45:25 +0200 |
commit | 6e729eb3d4edf2a2f5f0d7b0a0d36f7e3d031a40 (patch) | |
tree | fc3166e618d7844a004704e64d49e82bc2f9c8c2 /lib/ssl/src/ssl_connection.erl | |
parent | 52c11d5afd18405eaa293bb881eddf23f408850f (diff) | |
parent | 973293516a0d3e5148aa567fe1da65821efe532a (diff) | |
download | otp-6e729eb3d4edf2a2f5f0d7b0a0d36f7e3d031a40.tar.gz otp-6e729eb3d4edf2a2f5f0d7b0a0d36f7e3d031a40.tar.bz2 otp-6e729eb3d4edf2a2f5f0d7b0a0d36f7e3d031a40.zip |
Merge branch 'ingela/ssl/do-not-hardcode-cipher-suites'
* ingela/ssl/do-not-hardcode-cipher-suites:
ssl: Fix ECDSA key decode clause
ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling
ssl: Run all test case combinations
ssl: Update tests to reflect sslv3 is not supported by default
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 3f8c1f97f9..ec034af44c 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -1472,7 +1472,7 @@ connection_info(#state{sni_hostname = SNIHostname, RecordCB = record_cb(Connection), CipherSuiteDef = #{key_exchange := KexAlg} = ssl_cipher:suite_definition(CipherSuite), IsNamedCurveSuite = lists:member(KexAlg, - [ecdh_ecdsa, ecdhe_ecdsa, ecdh_anon]), + [ecdh_ecdsa, ecdhe_ecdsa, ecdh_rsa, ecdh_anon]), CurveInfo = case ECCCurve of {namedCurve, Curve} when IsNamedCurveSuite -> [{ecc, {named_curve, pubkey_cert_records:namedCurves(Curve)}}]; @@ -1572,11 +1572,14 @@ handle_peer_cert(Role, PeerCert, PublicKeyInfo, handle_peer_cert_key(client, _, {?'id-ecPublicKey', #'ECPoint'{point = _ECPoint} = PublicKey, PublicKeyParams}, - KeyAlg, State) when KeyAlg == ecdh_rsa; - KeyAlg == ecdh_ecdsa -> + KeyAlg, #state{session = Session} = State) when KeyAlg == ecdh_rsa; + KeyAlg == ecdh_ecdsa -> ECDHKey = public_key:generate_key(PublicKeyParams), + {namedCurve, Oid} = PublicKeyParams, + Curve = pubkey_cert_records:namedCurves(Oid), %% Need API function PremasterSecret = ssl_handshake:premaster_secret(PublicKey, ECDHKey), - master_secret(PremasterSecret, State#state{diffie_hellman_keys = ECDHKey}); + master_secret(PremasterSecret, State#state{diffie_hellman_keys = ECDHKey, + session = Session#session{ecc = {named_curve, Curve}}}); %% We do currently not support cipher suites that use fixed DH. %% If we want to implement that the following clause can be used %% to extract DH parameters form cert. |