authorIngela Anderton Andin <[email protected]>2014-01-21 15:26:57 +0100
committerIngela Anderton Andin <[email protected]>2014-01-21 15:26:57 +0100
commit8de45496ceacdad8bc01a137d180602b089a8d65 (patch)
tree6f88d290168a65977b11e80614057a69a43603fe /lib/ssl
parentc0b39f22abf34f6a0fb233418a02b2e6f41875e3 (diff)
parentcaac6cb4f18750613460acd491da299bbe4a96cc (diff)
Merge branch 'ia/ssl/ECC-curve-selection/OTP-11575' into maint
* ia/ssl/ECC-curve-selection/OTP-11575:
  ssl: Prepare for release
  ssl: fix elliptic curve selection in server mode
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl.appup.src10
-rw-r--r--lib/ssl/src/ssl_connection.erl2
-rw-r--r--lib/ssl/src/ssl_handshake.erl2
-rw-r--r--lib/ssl/src/tls_connection.erl8
4 files changed, 14 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index a0cdebe547..3a64841976 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,7 +1,10 @@
%% -*- erlang -*-
{"%VSN%",
[
- {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []}]},
+ {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []},
+ {load_module, ssl_connection, soft_purge, soft_purge, []},
+ {load_module, ssl_handshake, soft_purge, soft_purge, []},
+ {load_module, tls_connection, soft_purge, soft_purge, []}]},
{<<"5.3.1">>, [{restart_application, ssl}]},
{<<"5.2\\*">>, [{restart_application, ssl}]},
{<<"5.1\\*">>, [{restart_application, ssl}]},
@@ -10,7 +13,10 @@
{<<"3\\.*">>, [{restart_application, ssl}]}
],
[
- {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []}]},
+ {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []},
+ {load_module, ssl_connection, soft_purge, soft_purge, []},
+ {load_module, ssl_handshake, soft_purge, soft_purge, []},
+ {load_module, tls_connection, soft_purge, soft_purge, []}]},
{<<"5.3.1">>, [{restart_application, ssl}]},
{<<"5.2\\*">>, [{restart_application, ssl}]},
{<<"5.1\\*">>, [{restart_application, ssl}]},
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index b7c1b9e8d0..82106935cb 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1597,7 +1597,7 @@ default_hashsign(_Version, KeyExchange)
select_curve(#state{client_ecc = {[Curve|_], _}}) ->
{namedCurve, Curve};
select_curve(_) ->
- {namedCurve, ?secp256k1}.
+ {namedCurve, ?secp256r1}.
is_anonymous(Algo) when Algo == dh_anon;
Algo == ecdh_anon;
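Review bot: The fallback clause `select_curve(_)` has no comment explaining why secp256r1 is the default, and the same literal is repeated in the `select_curve(undefined, _)` clause of ssl_handshake.erl later in this commit. Two hand-maintained copies can drift apart, and the replaced value (secp256k1, a different curve from NIST P-256) looks like the kind of one-letter slip that is hard to spot in review. I would add `%% Client sent no usable curve list: default to secp256r1 (NIST P-256); must match ssl_handshake:select_curve/2` above the clause, or define the default once in a shared header and reference it from both modules. The `is_anonymous/1` clause that follows continues outside the hunk.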
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index da72ffc043..f5c0034f1b 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1287,7 +1287,7 @@ select_curve(#elliptic_curves{elliptic_curve_list = ClientCurves},
select_curve(undefined, _) ->
%% Client did not send ECC extension use default curve if
%% ECC cipher is negotiated
- {namedCurve, ?secp256k1};
+ {namedCurve, ?secp256r1};
select_curve(_, []) ->
no_curve;
select_curve(Curves, [Curve| Rest]) ->
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 8e6f80da1e..ffa04ee8ba 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -199,7 +199,9 @@ hello(start, #state{host = Host, port = Port, role = client,
next_state(hello, hello, Record, State);
hello(Hello = #client_hello{client_version = ClientVersion,
- extensions = #hello_extensions{hash_signs = HashSigns}},
+ extensions = #hello_extensions{hash_signs = HashSigns,
+ ec_point_formats = EcPointFormats,
+ elliptic_curves = EllipticCurves}},
State = #state{connection_states = ConnectionStates0,
port = Port, session = #session{own_certificate = Cert} = Session0,
renegotiation = {Renegotiation, _},
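Review bot: `EcPointFormats` and `EllipticCurves` are now bound from the client's `#hello_extensions{}`, so they are peer-supplied values, possibly `undefined` and possibly naming curves this server does not support. The match on `ServerHelloExt` removed in the next hunk presumably supplied the server's own values instead. Where the two variables are consumed is outside this hunk; if they end up in `client_ecc`, `ssl_connection:select_curve/1` takes the head of that list with no visible check against the server's supported curves. A comment at the binding such as `%% client-offered, unvalidated: intersect with supported curves before use` would make that contract explicit. The `hello/2` clause continues past the end of the hunk.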
@@ -210,9 +212,7 @@ hello(Hello = #client_hello{client_version = ClientVersion,
case tls_handshake:hello(Hello, SslOpts, {Port, Session0, Cache, CacheCb,
ConnectionStates0, Cert}, Renegotiation) of
{Version, {Type, Session},
- ConnectionStates,
- #hello_extensions{ec_point_formats = EcPointFormats,
- elliptic_curves = EllipticCurves} = ServerHelloExt} ->
+ ConnectionStates, ServerHelloExt} ->
ssl_connection:hello({common_client_hello, Type, ServerHelloExt, HashSign},
State#state{connection_states = ConnectionStates,
negotiated_version = Version,