diff options
author | Ingela Anderton Andin <[email protected]> | 2014-01-21 15:26:57 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2014-01-21 15:26:57 +0100 |
commit | 8de45496ceacdad8bc01a137d180602b089a8d65 (patch) | |
tree | 6f88d290168a65977b11e80614057a69a43603fe /lib/ssl | |
parent | c0b39f22abf34f6a0fb233418a02b2e6f41875e3 (diff) | |
parent | caac6cb4f18750613460acd491da299bbe4a96cc (diff) | |
download | otp-8de45496ceacdad8bc01a137d180602b089a8d65.tar.gz otp-8de45496ceacdad8bc01a137d180602b089a8d65.tar.bz2 otp-8de45496ceacdad8bc01a137d180602b089a8d65.zip |
Merge branch 'ia/ssl/ECC-curve-selection/OTP-11575' into maint
* ia/ssl/ECC-curve-selection/OTP-11575:
ssl: Prepare for release
ssl: fix elliptic curve selection in server mode
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/ssl.appup.src | 10 | ||||
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 2 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 2 | ||||
-rw-r--r-- | lib/ssl/src/tls_connection.erl | 8 |
4 files changed, 14 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src index a0cdebe547..3a64841976 100644 --- a/lib/ssl/src/ssl.appup.src +++ b/lib/ssl/src/ssl.appup.src @@ -1,7 +1,10 @@ %% -*- erlang -*- {"%VSN%", [ - {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []}]}, + {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []}, + {load_module, ssl_connection, soft_purge, soft_purge, []}, + {load_module, ssl_handshake, soft_purge, soft_purge, []}, + {load_module, tls_connection, soft_purge, soft_purge, []}]}, {<<"5.3.1">>, [{restart_application, ssl}]}, {<<"5.2\\*">>, [{restart_application, ssl}]}, {<<"5.1\\*">>, [{restart_application, ssl}]}, @@ -10,7 +13,10 @@ {<<"3\\.*">>, [{restart_application, ssl}]} ], [ - {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []}]}, + {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []}, + {load_module, ssl_connection, soft_purge, soft_purge, []}, + {load_module, ssl_handshake, soft_purge, soft_purge, []}, + {load_module, tls_connection, soft_purge, soft_purge, []}]}, {<<"5.3.1">>, [{restart_application, ssl}]}, {<<"5.2\\*">>, [{restart_application, ssl}]}, {<<"5.1\\*">>, [{restart_application, ssl}]}, diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index b7c1b9e8d0..82106935cb 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -1597,7 +1597,7 @@ default_hashsign(_Version, KeyExchange) select_curve(#state{client_ecc = {[Curve|_], _}}) -> {namedCurve, Curve}; select_curve(_) -> - {namedCurve, ?secp256k1}. + {namedCurve, ?secp256r1}. is_anonymous(Algo) when Algo == dh_anon; Algo == ecdh_anon; diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index da72ffc043..f5c0034f1b 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -1287,7 +1287,7 @@ select_curve(#elliptic_curves{elliptic_curve_list = ClientCurves}, select_curve(undefined, _) -> %% Client did not send ECC extension use default curve if %% ECC cipher is negotiated - {namedCurve, ?secp256k1}; + {namedCurve, ?secp256r1}; select_curve(_, []) -> no_curve; select_curve(Curves, [Curve| Rest]) -> diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl index 8e6f80da1e..ffa04ee8ba 100644 --- a/lib/ssl/src/tls_connection.erl +++ b/lib/ssl/src/tls_connection.erl @@ -199,7 +199,9 @@ hello(start, #state{host = Host, port = Port, role = client, next_state(hello, hello, Record, State); hello(Hello = #client_hello{client_version = ClientVersion, - extensions = #hello_extensions{hash_signs = HashSigns}}, + extensions = #hello_extensions{hash_signs = HashSigns, + ec_point_formats = EcPointFormats, + elliptic_curves = EllipticCurves}}, State = #state{connection_states = ConnectionStates0, port = Port, session = #session{own_certificate = Cert} = Session0, renegotiation = {Renegotiation, _}, @@ -210,9 +212,7 @@ hello(Hello = #client_hello{client_version = ClientVersion, case tls_handshake:hello(Hello, SslOpts, {Port, Session0, Cache, CacheCb, ConnectionStates0, Cert}, Renegotiation) of {Version, {Type, Session}, - ConnectionStates, - #hello_extensions{ec_point_formats = EcPointFormats, - elliptic_curves = EllipticCurves} = ServerHelloExt} -> + ConnectionStates, ServerHelloExt} -> ssl_connection:hello({common_client_hello, Type, ServerHelloExt, HashSign}, State#state{connection_states = ConnectionStates, negotiated_version = Version, |