diff options
author | Kenneth Lakin <[email protected]> | 2016-04-30 02:31:51 -0700 |
---|---|---|
committer | Kenneth Lakin <[email protected]> | 2016-05-26 02:58:55 -0700 |
commit | df0c5663dd944a3dd06936105d0696a704c20e4e (patch) | |
tree | 0327c1f812afe0a9786acb3bf303ab665135825c /lib/ssl/src/tls_connection.erl | |
parent | 42a0229c44875f927bc1fda138d24131874a1c3c (diff) | |
download | otp-df0c5663dd944a3dd06936105d0696a704c20e4e.tar.gz otp-df0c5663dd944a3dd06936105d0696a704c20e4e.tar.bz2 otp-df0c5663dd944a3dd06936105d0696a704c20e4e.zip |
ssl: Add BEAST mitigation selection option
Some legacy TLS 1.0 software does not tolerate the 1/n-1 content
split BEAST mitigation technique. This commit adds a beast_mitigation
SSL option (defaulting to one_n_minus_one) to select or disable the
BEAST mitigation technique.
Valid option values are (one_n_minus_one | zero_n | disabled).
Diffstat (limited to 'lib/ssl/src/tls_connection.erl')
-rw-r--r-- | lib/ssl/src/tls_connection.erl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl index 40f3eea527..91903b4a1f 100644 --- a/lib/ssl/src/tls_connection.erl +++ b/lib/ssl/src/tls_connection.erl @@ -496,7 +496,8 @@ decode_alerts(Bin) -> initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions, Tracker}, User, {CbModule, DataTag, CloseTag, ErrorTag}) -> - ConnectionStates = ssl_record:init_connection_states(Role), + #ssl_options{beast_mitigation = BeastMitigation} = SSLOptions, + ConnectionStates = ssl_record:init_connection_states(Role, BeastMitigation), SessionCacheCb = case application:get_env(ssl, session_cb) of {ok, Cb} when is_atom(Cb) -> |