diff options
author | Péter Dimitrov <[email protected]> | 2018-07-20 15:40:59 +0200 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2018-07-20 15:40:59 +0200 |
commit | c814c388d5c45c8d70426389e702426424086eca (patch) | |
tree | a9d088ca9b56bb10b1118486f299dd985e3f3a36 /lib/ssl/src/ssl_internal.hrl | |
parent | 78f5b89a9aab785841157457a0528f8781353862 (diff) | |
parent | 84a4a9b5b14b5b035e1b8e2699203015f4df16d4 (diff) | |
download | otp-c814c388d5c45c8d70426389e702426424086eca.tar.gz otp-c814c388d5c45c8d70426389e702426424086eca.tar.bz2 otp-c814c388d5c45c8d70426389e702426424086eca.zip |
Merge branch 'peterdmv/ssl/version_extension_updates/OTP-15059'
* peterdmv/ssl/version_extension_updates/OTP-15059:
ssl: Fix handling of TLS record versions
ssl: Update hello state (TLS 1.3)
ssl: Implement 'supported_versions' extension
ssl: Sort supported versions in handle_options
ssl: Add experimental version 'tlsv1.3'
Change-Id: I071d24242103cc066c5ee8154effc5ee01b04703
Diffstat (limited to 'lib/ssl/src/ssl_internal.hrl')
-rw-r--r-- | lib/ssl/src/ssl_internal.hrl | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl index a98cbf8542..2e1a928a62 100644 --- a/lib/ssl/src/ssl_internal.hrl +++ b/lib/ssl/src/ssl_internal.hrl @@ -72,11 +72,21 @@ -define(FALSE, 1). %% sslv3 is considered insecure due to lack of padding check (Poodle attack) -%% Keep as interop with legacy software but do not support as default --define(ALL_AVAILABLE_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]). +%% Keep as interop with legacy software but do not support as default +%% tlsv1.3 is under development (experimental). +-define(ALL_AVAILABLE_VERSIONS, ['tlsv1.3', 'tlsv1.2', 'tlsv1.1', tlsv1, sslv3]). -define(ALL_AVAILABLE_DATAGRAM_VERSIONS, ['dtlsv1.2', dtlsv1]). +%% Defines the default versions when not specified by an ssl option. -define(ALL_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1]). -define(MIN_SUPPORTED_VERSIONS, ['tlsv1.1', tlsv1]). + +%% Versions allowed in TLSCiphertext.version (TLS 1.2 and prior) and +%% TLSCiphertext.legacy_record_version (TLS 1.3). +%% TLS 1.3 sets TLSCiphertext.legacy_record_version to 0x0303 for all records +%% generated other than an than an initial ClientHello, where it MAY also be 0x0301. +%% Thus, the allowed range is limited to 0x0300 - 0x0303. +-define(ALL_TLS_RECORD_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]). + -define(ALL_DATAGRAM_SUPPORTED_VERSIONS, ['dtlsv1.2', dtlsv1]). -define(MIN_DATAGRAM_SUPPORTED_VERSIONS, [dtlsv1]). |