authorPéter Dimitrov <[email protected]>2018-07-20 15:40:59 +0200
committerPéter Dimitrov <[email protected]>2018-07-20 15:40:59 +0200
commitc814c388d5c45c8d70426389e702426424086eca (patch)
treea9d088ca9b56bb10b1118486f299dd985e3f3a36 /lib/ssl/src/tls_connection.erl
parent78f5b89a9aab785841157457a0528f8781353862 (diff)
parent84a4a9b5b14b5b035e1b8e2699203015f4df16d4 (diff)
Merge branch 'peterdmv/ssl/version_extension_updates/OTP-15059'
* peterdmv/ssl/version_extension_updates/OTP-15059: ssl: Fix handling of TLS record versions ssl: Update hello state (TLS 1.3) ssl: Implement 'supported_versions' extension ssl: Sort supported versions in handle_options ssl: Add experimental version 'tlsv1.3' Change-Id: I071d24242103cc066c5ee8154effc5ee01b04703
Diffstat (limited to 'lib/ssl/src/tls_connection.erl')
-rw-r--r--lib/ssl/src/tls_connection.erl14
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 1a0a9b9275..8320d3f7f3 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -679,8 +679,8 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions, Tracker}, Us
next_tls_record(Data, StateName, #state{protocol_buffers =
#protocol_buffers{tls_record_buffer = Buf0,
tls_cipher_texts = CT0} = Buffers,
- ssl_options = SslOpts} = State0) ->
- case tls_record:get_tls_records(Data,
+ ssl_options = SslOpts} = State0) ->
+ case tls_record:get_tls_records(Data,
acceptable_record_versions(StateName, State0),
Buf0, SslOpts) of
{Records, Buf1} ->
@@ -693,10 +693,18 @@ next_tls_record(Data, StateName, #state{protocol_buffers =
end.
+%% TLS 1.3 Client/Server
+%% - Ignore TLSPlaintext.legacy_record_version
+%% - Verify that TLSCiphertext.legacy_record_version is set to 0x0303 for all records
+%% other than an initial ClientHello, where it MAY also be 0x0301.
acceptable_record_versions(hello, _) ->
- [tls_record:protocol_version(Vsn) || Vsn <- ?ALL_AVAILABLE_VERSIONS];
+ [tls_record:protocol_version(Vsn) || Vsn <- ?ALL_TLS_RECORD_VERSIONS];
+acceptable_record_versions(_, #state{negotiated_version = {Major, Minor}})
+ when Major > 3; Major =:= 3, Minor >= 4 ->
+ [{3, 3}];
acceptable_record_versions(_, #state{negotiated_version = Version}) ->
[Version].
+
handle_record_alert(Alert, _) ->
Alert.
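Review bot: The comment added above `acceptable_record_versions/2` says TLSPlaintext.legacy_record_version is ignored, but the new clause guarded by `Major > 3; Major =:= 3, Minor >= 4` returns `[{3, 3}]` for every non-hello state, and nothing visible in this hunk separates plaintext from ciphertext records, so the field is enforced rather than ignored. The comment should describe what the clauses actually do, for example `%% - In the hello state accept any version in ?ALL_TLS_RECORD_VERSIONS` and `%% - Once TLS 1.3 or later is negotiated accept only legacy_record_version 0x0303 ({3,3})`. The `hello` clause also ignores its second argument, so the wider list seems to apply to every record read in that state for either role, not only to an initial ClientHello as the comment implies; a line stating whether that leniency is intended would help the next reader. The definition of `?ALL_TLS_RECORD_VERSIONS` is outside this hunk, so confirm it lists only record versions the stack means to tolerate during the handshake.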