diff options
| author | Ingela Anderton Andin <[email protected]> | 2016-04-06 11:39:35 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2016-04-06 11:39:35 +0200 |
| commit | 57fcf2334c04352af3ce2c09a370fe9a04b073e9 (patch) | |
| tree | 148546f7c0feab9b082240adf781c965fd7603c2 /lib/ssl/src/tls_connection.erl | |
| parent | 30b22c1a3835fa411733763c49c65f2e2abb1640 (diff) | |
| parent | 9a834cff78e3f4e33b561304c83de717019f5a4d (diff) | |
| download | otp-57fcf2334c04352af3ce2c09a370fe9a04b073e9.tar.gz otp-57fcf2334c04352af3ce2c09a370fe9a04b073e9.tar.bz2 otp-57fcf2334c04352af3ce2c09a370fe9a04b073e9.zip | |
Merge branch 'ingela/ssl/config-signature-algs/OTP-13463'
* ingela/ssl/config-signature-algs/OTP-13463:
ssl: Remove default support for use of md5 in TLS 1.2 signature algorithms
ssl: Add option signature_algs
Diffstat (limited to 'lib/ssl/src/tls_connection.erl')
| -rw-r--r-- | lib/ssl/src/tls_connection.erl | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl index c3f0206d25..93716d31b8 100644 --- a/lib/ssl/src/tls_connection.erl +++ b/lib/ssl/src/tls_connection.erl @@ -182,8 +182,7 @@ hello(start, #state{host = Host, port = Port, role = client, next_state(hello, hello, Record, State); hello(Hello = #client_hello{client_version = ClientVersion, - extensions = #hello_extensions{hash_signs = HashSigns, - ec_point_formats = EcPointFormats, + extensions = #hello_extensions{ec_point_formats = EcPointFormats, elliptic_curves = EllipticCurves}}, State = #state{connection_states = ConnectionStates0, port = Port, session = #session{own_certificate = Cert} = Session0, @@ -191,27 +190,28 @@ hello(Hello = #client_hello{client_version = ClientVersion, session_cache = Cache, session_cache_cb = CacheCb, negotiated_protocol = CurrentProtocol, + key_algorithm = KeyExAlg, ssl_options = SslOpts}) -> + case tls_handshake:hello(Hello, SslOpts, {Port, Session0, Cache, CacheCb, - ConnectionStates0, Cert}, Renegotiation) of + ConnectionStates0, Cert, KeyExAlg}, Renegotiation) of #alert{} = Alert -> handle_own_alert(Alert, ClientVersion, hello, State); {Version, {Type, Session}, - ConnectionStates, Protocol0, ServerHelloExt} -> - + ConnectionStates, Protocol0, ServerHelloExt, HashSign} -> Protocol = case Protocol0 of - undefined -> CurrentProtocol; - _ -> Protocol0 - end, - - HashSign = ssl_handshake:select_hashsign(HashSigns, Cert, Version), - ssl_connection:hello({common_client_hello, Type, ServerHelloExt, HashSign}, + undefined -> CurrentProtocol; + _ -> Protocol0 + end, + ssl_connection:hello({common_client_hello, Type, ServerHelloExt}, State#state{connection_states = ConnectionStates, negotiated_version = Version, + hashsign_algorithm = HashSign, session = Session, client_ecc = {EllipticCurves, EcPointFormats}, negotiated_protocol = Protocol}, ?MODULE) end; + hello(Hello = #server_hello{}, #state{connection_states = ConnectionStates0, negotiated_version = ReqVersion, @@ -1069,3 +1069,4 @@ handle_sni_extension(#client_hello{extensions = HelloExtensions}, State0) -> end; handle_sni_extension(_, State0) -> State0. + |