authorIngela Anderton Andin <[email protected]>2016-07-08 16:44:14 +0200
committerIngela Anderton Andin <[email protected]>2016-09-05 14:37:26 +0200
commit7ef8905652aa9dcf78e015261c6423b664a2ca1b (patch)
treeb95db9dfebf618f5844b71679e2339a4e7614908 /lib/ssl/src/tls_connection.erl
parent753a85c822a8d6c2d7b039f142afc7df202c9f18 (diff)
ssl, dtls: Disable V2 compatibility clause from ssl_handshake:update_handshake_history
This is probably a much bigger problem for DTLS than for TLS, but it should be disabled for both unless explicitly configured for TLS.
Diffstat (limited to 'lib/ssl/src/tls_connection.erl')
-rw-r--r--lib/ssl/src/tls_connection.erl11
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 8b828f3421..a24b99f207 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -107,9 +107,10 @@ send_handshake(Handshake, State) ->
queue_handshake(Handshake, #state{negotiated_version = Version,
tls_handshake_history = Hist0,
flight_buffer = Flight0,
+ ssl_options = #ssl_options{v2_hello_compatible = V2HComp},
connection_states = ConnectionStates0} = State0) ->
{BinHandshake, ConnectionStates, Hist} =
- encode_handshake(Handshake, Version, ConnectionStates0, Hist0),
+ encode_handshake(Handshake, Version, ConnectionStates0, Hist0, V2HComp),
State0#state{connection_states = ConnectionStates,
tls_handshake_history = Hist,
flight_buffer = Flight0 ++ [BinHandshake]}.
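Review bot: The configured `v2_hello_compatible` value is now applied to handshake messages this side encodes itself, in `queue_handshake` here and again for the client Hello in `init` (third hunk), although an SSLv2-format ClientHello would presumably only ever be received, never sent. `ssl_handshake:update_handshake_history/3` is not part of this diff, so this is an inference, but if its V2 clause recognises the message by byte layout, an outgoing fragment that happens to fit that layout could still enter the handshake history in the V2 form whenever the option is on. Consider passing `false` on the send paths, e.g. `encode_handshake(Handshake, Version, ConnectionStates0, Hist0, false)`, or add a comment stating why the option has to cover outgoing messages as well.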
@@ -186,7 +187,7 @@ callback_mode() ->
init({call, From}, {start, Timeout},
#state{host = Host, port = Port, role = client,
- ssl_options = SslOpts,
+ ssl_options = #ssl_options{v2_hello_compatible = V2HComp} = SslOpts,
session = #session{own_certificate = Cert} = Session0,
transport_cb = Transport, socket = Socket,
connection_states = ConnectionStates0,
@@ -202,7 +203,7 @@ init({call, From}, {start, Timeout},
HelloVersion = tls_record:lowest_protocol_version(SslOpts#ssl_options.versions),
Handshake0 = ssl_handshake:init_handshake_history(),
{BinMsg, ConnectionStates, Handshake} =
- encode_handshake(Hello, HelloVersion, ConnectionStates0, Handshake0),
+ encode_handshake(Hello, HelloVersion, ConnectionStates0, Handshake0, V2HComp),
Transport:send(Socket, BinMsg),
State1 = State0#state{connection_states = ConnectionStates,
negotiated_version = Version, %% Requested version
@@ -470,9 +471,9 @@ code_change(_OldVsn, StateName, State, _) ->
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
-encode_handshake(Handshake, Version, ConnectionStates0, Hist0) ->
+encode_handshake(Handshake, Version, ConnectionStates0, Hist0, V2HComp) ->
Frag = tls_handshake:encode_handshake(Handshake, Version),
- Hist = ssl_handshake:update_handshake_history(Hist0, Frag),
+ Hist = ssl_handshake:update_handshake_history(Hist0, Frag, V2HComp),
{Encoded, ConnectionStates} =
ssl_record:encode_handshake(Frag, Version, ConnectionStates0),
{Encoded, ConnectionStates, Hist}.
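Review bot: `encode_handshake/5` gains the `V2HComp` argument without a comment or `-spec`, so nothing at this function tells a reader that it is a security-relevant toggle forwarded to `ssl_handshake:update_handshake_history/3`. A one-line comment above the function would cover it, for example `%% V2HComp: value of the v2_hello_compatible option; when false the SSLv2 ClientHello clause of update_handshake_history is not applied.` The option's type is not visible in these hunks, so confirm it is a boolean before writing a spec for it.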