diff options
author | Hans Nilsson <[email protected]> | 2017-06-14 15:30:16 +0200 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2017-06-14 15:30:16 +0200 |
commit | 8e1cd77c97835c7ac8ecc1adcc13a366fb3904a3 (patch) | |
tree | d497bcea50cd029f519b8894db859a5a5a5030ad /lib/ssl | |
parent | 2e4f0aa732b4dcc0a511234b4bdf11d61ca6b5fd (diff) | |
parent | 478205d32667dd7575d70d412d96c8c695168c46 (diff) | |
download | otp-8e1cd77c97835c7ac8ecc1adcc13a366fb3904a3.tar.gz otp-8e1cd77c97835c7ac8ecc1adcc13a366fb3904a3.tar.bz2 otp-8e1cd77c97835c7ac8ecc1adcc13a366fb3904a3.zip |
Merge remote-tracking branch 'ingela/ingela/dtls/client-hello-verify/ERL-434'
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/dtls_connection.erl | 8 | ||||
-rw-r--r-- | lib/ssl/src/dtls_handshake.hrl | 1 |
2 files changed, 8 insertions, 1 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl index 98ea8092fa..e8cfbbe2e3 100644 --- a/lib/ssl/src/dtls_connection.erl +++ b/lib/ssl/src/dtls_connection.erl @@ -311,7 +311,13 @@ hello(internal, #client_hello{cookie = <<>>, protocol_specific = #{current_cookie_secret := Secret}} = State0) -> {ok, {IP, Port}} = dtls_socket:peername(Transport, Socket), Cookie = dtls_handshake:cookie(Secret, IP, Port, Hello), - VerifyRequest = dtls_handshake:hello_verify_request(Cookie, Version), + %% FROM RFC 6347 regarding HelloVerifyRequest message: + %% The server_version field has the same syntax as in TLS. However, in + %% order to avoid the requirement to do version negotiation in the + %% initial handshake, DTLS 1.2 server implementations SHOULD use DTLS + %% version 1.0 regardless of the version of TLS that is expected to be + %% negotiated. + VerifyRequest = dtls_handshake:hello_verify_request(Cookie, ?HELLO_VERIFY_REQUEST_VERSION), State1 = prepare_flight(State0#state{negotiated_version = Version}), {State2, Actions} = send_handshake(VerifyRequest, State1), {Record, State} = next_record(State2), diff --git a/lib/ssl/src/dtls_handshake.hrl b/lib/ssl/src/dtls_handshake.hrl index 0a980c5f31..24678cba0e 100644 --- a/lib/ssl/src/dtls_handshake.hrl +++ b/lib/ssl/src/dtls_handshake.hrl @@ -29,6 +29,7 @@ -include("ssl_handshake.hrl"). %% Common TLS and DTLS records and Constantes -define(HELLO_VERIFY_REQUEST, 3). +-define(HELLO_VERIFY_REQUEST_VERSION, {254, 255}). -record(client_hello, { client_version, |