aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_handshake.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2018-09-06 15:49:47 +0200
committerIngela Anderton Andin <[email protected]>2018-09-11 10:49:32 +0200
commitb7138087d757f3e4190af92386145a1d942b7b8b (patch)
treef9cf7f85b45ebc937edcddc3508f632fc390e330 /lib/ssl/src/ssl_handshake.erl
parentfd591b6f7bb681dd5335a67e66b1d0b8ecf2a76f (diff)
downloadotp-b7138087d757f3e4190af92386145a1d942b7b8b.tar.gz
otp-b7138087d757f3e4190af92386145a1d942b7b8b.tar.bz2
otp-b7138087d757f3e4190af92386145a1d942b7b8b.zip
ssl: Correct handling of all PSK cipher suites
Before only some PSK suites would be correctly negotiated and most PSK ciphers suites would fail the connection. PSK cipher suites are anonymous in the sense that they do not use certificates except for rsa_psk.
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r--lib/ssl/src/ssl_handshake.erl4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index fa446081b3..3888f9dcf6 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1058,7 +1058,9 @@ select_curve(undefined, _, _) ->
select_hashsign(_, _, KeyExAlgo, _, _Version) when KeyExAlgo == dh_anon;
KeyExAlgo == ecdh_anon;
KeyExAlgo == srp_anon;
- KeyExAlgo == psk ->
+ KeyExAlgo == psk;
+ KeyExAlgo == dhe_psk;
+ KeyExAlgo == ecdhe_psk ->
{null, anon};
%% The signature_algorithms extension was introduced with TLS 1.2. Ignore it if we have
%% negotiated a lower version.