diff options
| author | Péter Dimitrov <[email protected]> | 2018-07-11 17:25:30 +0200 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2018-07-19 14:30:00 +0200 |
| commit | 8c6116c5432f3198e7f50de04b4f777cb23b80b4 (patch) | |
| tree | 4a329b0cc995d083516a2cc1fcce567a3398530d /lib/ssl/src/ssl_handshake.erl | |
| parent | cba55e0a8c27b4e3f2a5c1bdc227f7421932b343 (diff) | |
| download | otp-8c6116c5432f3198e7f50de04b4f777cb23b80b4.tar.gz otp-8c6116c5432f3198e7f50de04b4f777cb23b80b4.tar.bz2 otp-8c6116c5432f3198e7f50de04b4f777cb23b80b4.zip | |
ssl: Update hello state (TLS 1.3)
Update hello state to handle the "supported_versions" extension
defined by TLS 1.3:
- If "supported_versions" is present in ServerHello, the client
will aboirt the handshake with an "illegal_parameter" alert.
- If "supported_versions" is present in ClientHello, the server
will select a version from "supported_versions" and ignore
ClientHello.legacy_version. If it only supports versions
greater than "supported_versions", the server aborts the
handshake with a "protocol_version" alert.
- If "supported_versions" is absent in ClientHello, the server
negotiates the minimum of ClientHello.legacy_version and
TLS 1.2. If it only supports version greater than
ClientHello.legacy_version, the server aborts the handshake
with a "protocol_version" alert.
Change-Id: I16eef15d77bf21209c6cc103546ddddca518483b
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index e9f482d6d8..98e9d9da7e 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -53,7 +53,7 @@ -export([certify/7, certificate_verify/6, verify_signature/5, master_secret/4, server_key_exchange_hash/2, verify_connection/6, init_handshake_history/0, update_handshake_history/2, verify_server_key/5, - select_version/3, extension_value/1 + select_version/3, select_supported_version/2, extension_value/1 ]). %% Encode @@ -505,6 +505,21 @@ verify_server_key(#server_key_params{params_bin = EncParams, select_version(RecordCB, ClientVersion, Versions) -> do_select_version(RecordCB, ClientVersion, Versions). + +%% Called by TLS 1.2/1.3 Server when "supported_versions" is present +%% in ClientHello. +%% Input lists are ordered (highest first) +select_supported_version([], _ServerVersions) -> + undefined; +select_supported_version([ClientVersion|T], ServerVersions) -> + case lists:member(ClientVersion, ServerVersions) of + true -> + ClientVersion; + false -> + select_supported_version(T, ServerVersions) + end. + + %%==================================================================== %% Encode handshake %%==================================================================== |