aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2018-12-10 11:04:33 +0100
committerPéter Dimitrov <[email protected]>2019-01-11 09:59:12 +0100
commitd05f164c072728a3ccb68fbc0f844d65bb2996d0 (patch)
treeaf5081ec59a032a8419fe9fbc168fd68f6fe6223 /lib/ssl/src
parent8d7c2c33b3cdc978ec32ad503242c352c0e46690 (diff)
downloadotp-d05f164c072728a3ccb68fbc0f844d65bb2996d0.tar.gz
otp-d05f164c072728a3ccb68fbc0f844d65bb2996d0.tar.bz2
otp-d05f164c072728a3ccb68fbc0f844d65bb2996d0.zip
ssl: Reorder default signature schemes
Change-Id: I54ef4f946c64510ca6df073aefc30c0b28723b3b
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/tls_v1.erl31
1 files changed, 19 insertions, 12 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 5e3140114d..737ecadab4 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -575,22 +575,29 @@ signature_schemes(_, _) ->
default_signature_schemes(Version) ->
Default = [
- rsa_pkcs1_sha256,
- rsa_pkcs1_sha384,
- rsa_pkcs1_sha512,
- ecdsa_secp256r1_sha256,
- ecdsa_secp384r1_sha384,
ecdsa_secp521r1_sha512,
- rsa_pss_rsae_sha256,
- rsa_pss_rsae_sha384,
+ ecdsa_secp384r1_sha384,
+ ecdsa_secp256r1_sha256,
+ rsa_pss_pss_sha512,
+ rsa_pss_pss_sha384,
+ rsa_pss_pss_sha256,
rsa_pss_rsae_sha512,
+ rsa_pss_rsae_sha384,
+ rsa_pss_rsae_sha256,
%% ed25519,
%% ed448,
- rsa_pss_pss_sha256,
- rsa_pss_pss_sha384,
- rsa_pss_pss_sha512,
- rsa_pkcs1_sha1,
- ecdsa_sha1
+
+ %% These values refer solely to signatures
+ %% which appear in certificates (see Section 4.4.2.2) and are not
+ %% defined for use in signed TLS handshake messages, although they
+ %% MAY appear in "signature_algorithms" and
+ %% "signature_algorithms_cert" for backward compatibility with
+ %% TLS 1.2.
+ rsa_pkcs1_sha512,
+ rsa_pkcs1_sha384,
+ rsa_pkcs1_sha256,
+ ecdsa_sha1,
+ rsa_pkcs1_sha1
],
signature_schemes(Version, Default).