diff options
author | Ingela Anderton Andin <[email protected]> | 2018-09-03 12:07:17 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-09-04 17:53:15 +0200 |
commit | f90d75a081f6d5a9a3cfe6f8d387abd7a1489aca (patch) | |
tree | 2bdffc3f9e857167f7bbea9f0a4791913932e038 /lib/ssl/src/tls_v1.erl | |
parent | f4dd73f0363f3ccf894f17274d5b0d6cdb89fced (diff) | |
download | otp-f90d75a081f6d5a9a3cfe6f8d387abd7a1489aca.tar.gz otp-f90d75a081f6d5a9a3cfe6f8d387abd7a1489aca.tar.bz2 otp-f90d75a081f6d5a9a3cfe6f8d387abd7a1489aca.zip |
ssl: Initial cipher suites adoption for TLS-1.3
This commit filters out cipher suites not to be used in TLS-1.3
We still need to add new cipher suites for TLS-1.3 and possible
add new information to the suite data structure.
Diffstat (limited to 'lib/ssl/src/tls_v1.erl')
-rw-r--r-- | lib/ssl/src/tls_v1.erl | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl index 9bd82e4953..79d50684f1 100644 --- a/lib/ssl/src/tls_v1.erl +++ b/lib/ssl/src/tls_v1.erl @@ -32,7 +32,7 @@ -export([master_secret/4, finished/5, certificate_verify/3, mac_hash/7, hmac_hash/3, setup_keys/8, suites/1, prf/5, ecc_curves/1, ecc_curves/2, oid_to_enum/1, enum_to_oid/1, - default_signature_algs/1, signature_algs/2]). + default_signature_algs/1, signature_algs/2, v1_3_filters/0]). -type named_curve() :: sect571r1 | sect571k1 | secp521r1 | brainpoolP512r1 | sect409k1 | sect409r1 | brainpoolP384r1 | secp384r1 | @@ -247,10 +247,12 @@ suites(3) -> %% ?TLS_DH_DSS_WITH_AES_128_GCM_SHA256 ] ++ suites(2); - suites(4) -> - suites(3). + ssl:filter_cipher_suites(suites(3), v1_3_filters()). +v1_3_filters() -> + [{mac, fun(aead) -> true; (_) -> false end}, + {key_exchange, fun(dhe_dss) -> false;(rsa) -> false; (rsa_psk) -> false;(_) -> true end}]. signature_algs({3, 4}, HashSigns) -> signature_algs({3, 3}, HashSigns); |