diff options
author | Ingela Anderton Andin <[email protected]> | 2018-09-06 15:49:47 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-09-11 10:49:32 +0200 |
commit | b7138087d757f3e4190af92386145a1d942b7b8b (patch) | |
tree | f9cf7f85b45ebc937edcddc3508f632fc390e330 /lib/ssl/src/ssl_handshake.erl | |
parent | fd591b6f7bb681dd5335a67e66b1d0b8ecf2a76f (diff) | |
download | otp-b7138087d757f3e4190af92386145a1d942b7b8b.tar.gz otp-b7138087d757f3e4190af92386145a1d942b7b8b.tar.bz2 otp-b7138087d757f3e4190af92386145a1d942b7b8b.zip |
ssl: Correct handling of all PSK cipher suites
Before only some PSK suites would be correctly negotiated and most PSK
ciphers suites would fail the connection.
PSK cipher suites are anonymous in the sense that they do not use
certificates except for rsa_psk.
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index fa446081b3..3888f9dcf6 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -1058,7 +1058,9 @@ select_curve(undefined, _, _) -> select_hashsign(_, _, KeyExAlgo, _, _Version) when KeyExAlgo == dh_anon; KeyExAlgo == ecdh_anon; KeyExAlgo == srp_anon; - KeyExAlgo == psk -> + KeyExAlgo == psk; + KeyExAlgo == dhe_psk; + KeyExAlgo == ecdhe_psk -> {null, anon}; %% The signature_algorithms extension was introduced with TLS 1.2. Ignore it if we have %% negotiated a lower version. |