diff options
author | Péter Dimitrov <[email protected]> | 2019-01-30 17:03:00 +0100 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2019-02-08 09:30:19 +0100 |
commit | c3e98b376063718cae7937784a8bada230ff2429 (patch) | |
tree | f8a0f33db071434b1161e1eeae0b7ef822a6c8bd /lib/ssl/src/tls_record.erl | |
parent | 20b76b6c535bf0279950ea9ef5d02c52a9f8b51c (diff) | |
download | otp-c3e98b376063718cae7937784a8bada230ff2429.tar.gz otp-c3e98b376063718cae7937784a8bada230ff2429.tar.bz2 otp-c3e98b376063718cae7937784a8bada230ff2429.zip |
ssl: Improve TLS 1.3 statem
- Store FinishedKey in cipher_state.
- Implement state 'wait_finished'.
- Calculate traffic secrets in 'wait_finished' after Finished
received from client and go to state 'Connection'.
- Drop 'change_cipher_spec' messages (middlebox compatibility mode).
- Extend tests of 1-RTT.
Change-Id: Id69619ec5da053ffaaef75378678a27afeef6916
Diffstat (limited to 'lib/ssl/src/tls_record.erl')
-rw-r--r-- | lib/ssl/src/tls_record.erl | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl index ad2bfb7a5c..d7ea12ec3f 100644 --- a/lib/ssl/src/tls_record.erl +++ b/lib/ssl/src/tls_record.erl @@ -398,6 +398,18 @@ initial_connection_state(ConnectionEnd, BeastMitigation) -> server_verify_data => undefined }. +%% TLS 1.3 +get_tls_records_aux({3,4} = Version, <<?BYTE(Type),?BYTE(3),?BYTE(3), + ?UINT16(Length), Data:Length/binary, + Rest/binary>> = RawTLSRecord, + Acc, SslOpts) when Type == ?APPLICATION_DATA; + Type == ?HANDSHAKE; + Type == ?ALERT; + Type == ?CHANGE_CIPHER_SPEC -> + ssl_logger:debug(SslOpts#ssl_options.log_level, inbound, 'tls_record', [RawTLSRecord]), + get_tls_records_aux(Version, Rest, [#ssl_tls{type = Type, + version = {3,3}, %% Use legacy version + fragment = Data} | Acc], SslOpts); get_tls_records_aux({MajVer, MinVer} = Version, <<?BYTE(Type),?BYTE(MajVer),?BYTE(MinVer), ?UINT16(Length), Data:Length/binary, Rest/binary>> = RawTLSRecord, Acc, SslOpts) when Type == ?APPLICATION_DATA; |