diff options
author | Andreas Schultz <[email protected]> | 2013-12-30 11:54:23 +0100 |
---|---|---|
committer | Andreas Schultz <[email protected]> | 2014-01-13 13:00:24 +0100 |
commit | 8837c1be2ba8a3c123df3f5a87003daa9aac6539 (patch) | |
tree | 9b18eed937e5e58e4afd7886fd3b3fd41e4341e0 /lib/ssl/src/tls_v1.erl | |
parent | d06e7d12d3e8d77348e0c7e93a44b060e07f7075 (diff) | |
download | otp-8837c1be2ba8a3c123df3f5a87003daa9aac6539.tar.gz otp-8837c1be2ba8a3c123df3f5a87003daa9aac6539.tar.bz2 otp-8837c1be2ba8a3c123df3f5a87003daa9aac6539.zip |
crypto: selective support for GF2m curves
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves.
Selectively enable GF2m curves is support for them is available.
Diffstat (limited to 'lib/ssl/src/tls_v1.erl')
-rw-r--r-- | lib/ssl/src/tls_v1.erl | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl index b618675cce..7c7fdd64c3 100644 --- a/lib/ssl/src/tls_v1.erl +++ b/lib/ssl/src/tls_v1.erl @@ -368,12 +368,19 @@ finished_label(server) -> %% list ECC curves in prefered order ecc_curves(_Minor) -> - [?sect571r1,?sect571k1,?secp521r1,?brainpoolP512r1, - ?sect409k1,?sect409r1,?brainpoolP384r1,?secp384r1, - ?sect283k1,?sect283r1,?brainpoolP256r1,?secp256k1,?secp256r1, - ?sect239k1,?sect233k1,?sect233r1,?secp224k1,?secp224r1, - ?sect193r1,?sect193r2,?secp192k1,?secp192r1,?sect163k1, - ?sect163r1,?sect163r2,?secp160k1,?secp160r1,?secp160r2]. + TLSCurves = [sect571r1,sect571k1,secp521r1,brainpoolP512r1, + sect409k1,sect409r1,brainpoolP384r1,secp384r1, + sect283k1,sect283r1,brainpoolP256r1,secp256k1,secp256r1, + sect239k1,sect233k1,sect233r1,secp224k1,secp224r1, + sect193r1,sect193r2,secp192k1,secp192r1,sect163k1, + sect163r1,sect163r2,secp160k1,secp160r1,secp160r2], + CryptoCurves = crypto:ec_curves(), + lists:foldr(fun(Curve, Curves) -> + case proplists:get_bool(Curve, CryptoCurves) of + true -> [pubkey_cert_records:namedCurves(Curve)|Curves]; + false -> Curves + end + end, [], TLSCurves). %% ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) oid_to_enum(?sect163k1) -> 1; |