aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_handshake.hrl
diff options
context:
space:
mode:
authorKenneth Lakin <[email protected]>2016-04-30 20:17:03 -0700
committerIngela Anderton Andin <[email protected]>2016-05-05 08:14:03 +0200
commit8da6f7108cc9a49e7d7ccb07fa6382e293b19a4a (patch)
tree4b459af3ec753898ede5a9c6ce6c2789b2c341c9 /lib/ssl/src/ssl_handshake.hrl
parentfbc2d05c2659debff1c78d989b6921a3fff6037b (diff)
downloadotp-8da6f7108cc9a49e7d7ccb07fa6382e293b19a4a.tar.gz
otp-8da6f7108cc9a49e7d7ccb07fa6382e293b19a4a.tar.bz2
otp-8da6f7108cc9a49e7d7ccb07fa6382e293b19a4a.zip
ssl: Use cipher suite's PRF in prf/5
Use the negotiated cipher suite's PRF algorithm in calls to ssl:prf/5, rather than a hard-coded one. For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This was correct 100% of the time. For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256. This was correct only some of the time for TLS 1.2 and none of the time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5 through another path, the handshaking process used the negotiated PRF and did not encounter this bug. A new test (prf) has been added to ssl_basic_SUITE to guard against future breakage.
Diffstat (limited to 'lib/ssl/src/ssl_handshake.hrl')
0 files changed, 0 insertions, 0 deletions