diff options
| author | Péter Dimitrov <[email protected]> | 2018-07-17 14:08:11 +0200 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2018-07-19 15:30:59 +0200 |
| commit | ea5d8ce45b83916f868fd037d6c8bc117c9ee610 (patch) | |
| tree | 974f211e28079893218dbb87c7e951f5cd5519d2 /lib/ssl/src/ssl_internal.hrl | |
| parent | 84a4a9b5b14b5b035e1b8e2699203015f4df16d4 (diff) | |
| download | otp-ea5d8ce45b83916f868fd037d6c8bc117c9ee610.tar.gz otp-ea5d8ce45b83916f868fd037d6c8bc117c9ee610.tar.bz2 otp-ea5d8ce45b83916f868fd037d6c8bc117c9ee610.zip | |
ssl: Implement downgrade protection mechanism (TLS 1.3)
If negotiating TLS 1.2, TLS 1.3 servers MUST set the last eight bytes
of their Random value to the bytes:
44 4F 57 4E 47 52 44 01
If negotiating TLS 1.1 or below, TLS 1.3 servers MUST and TLS 1.2
servers SHOULD set the last eight bytes of their Random value to the
bytes:
44 4F 57 4E 47 52 44 00
Change-Id: If35112f63f42a9af351f4ca9b1846fd3f5b08167
Diffstat (limited to 'lib/ssl/src/ssl_internal.hrl')
| -rw-r--r-- | lib/ssl/src/ssl_internal.hrl | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl index 2e1a928a62..0d3093c1ae 100644 --- a/lib/ssl/src/ssl_internal.hrl +++ b/lib/ssl/src/ssl_internal.hrl @@ -90,6 +90,21 @@ -define(ALL_DATAGRAM_SUPPORTED_VERSIONS, ['dtlsv1.2', dtlsv1]). -define(MIN_DATAGRAM_SUPPORTED_VERSIONS, [dtlsv1]). +%% TLS 1.3 - Section 4.1.3 +%% +%% If negotiating TLS 1.2, TLS 1.3 servers MUST set the last eight bytes +%% of their Random value to the bytes: +%% +%% 44 4F 57 4E 47 52 44 01 +%% +%% If negotiating TLS 1.1 or below, TLS 1.3 servers MUST and TLS 1.2 +%% servers SHOULD set the last eight bytes of their Random value to the +%% bytes: +%% +%% 44 4F 57 4E 47 52 44 00 +-define(RANDOM_OVERRIDE_TLS12, <<16#44,16#4F,16#57,16#4E,16#47,16#52,16#44,16#01>>). +-define(RANDOM_OVERRIDE_TLS11, <<16#44,16#4F,16#57,16#4E,16#47,16#52,16#44,16#00>>). + -define('24H_in_msec', 86400000). -define('24H_in_sec', 86400). |