aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorAndreas Schultz <[email protected]>2013-12-30 11:54:23 +0100
committerAndreas Schultz <[email protected]>2014-01-13 13:00:24 +0100
commit8837c1be2ba8a3c123df3f5a87003daa9aac6539 (patch)
tree9b18eed937e5e58e4afd7886fd3b3fd41e4341e0 /lib/ssl
parentd06e7d12d3e8d77348e0c7e93a44b060e07f7075 (diff)
downloadotp-8837c1be2ba8a3c123df3f5a87003daa9aac6539.tar.gz
otp-8837c1be2ba8a3c123df3f5a87003daa9aac6539.tar.bz2
otp-8837c1be2ba8a3c123df3f5a87003daa9aac6539.zip
crypto: selective support for GF2m curves
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves. Selectively enable GF2m curves is support for them is available.
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/tls_v1.erl19
1 files changed, 13 insertions, 6 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index b618675cce..7c7fdd64c3 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -368,12 +368,19 @@ finished_label(server) ->
%% list ECC curves in prefered order
ecc_curves(_Minor) ->
- [?sect571r1,?sect571k1,?secp521r1,?brainpoolP512r1,
- ?sect409k1,?sect409r1,?brainpoolP384r1,?secp384r1,
- ?sect283k1,?sect283r1,?brainpoolP256r1,?secp256k1,?secp256r1,
- ?sect239k1,?sect233k1,?sect233r1,?secp224k1,?secp224r1,
- ?sect193r1,?sect193r2,?secp192k1,?secp192r1,?sect163k1,
- ?sect163r1,?sect163r2,?secp160k1,?secp160r1,?secp160r2].
+ TLSCurves = [sect571r1,sect571k1,secp521r1,brainpoolP512r1,
+ sect409k1,sect409r1,brainpoolP384r1,secp384r1,
+ sect283k1,sect283r1,brainpoolP256r1,secp256k1,secp256r1,
+ sect239k1,sect233k1,sect233r1,secp224k1,secp224r1,
+ sect193r1,sect193r2,secp192k1,secp192r1,sect163k1,
+ sect163r1,sect163r2,secp160k1,secp160r1,secp160r2],
+ CryptoCurves = crypto:ec_curves(),
+ lists:foldr(fun(Curve, Curves) ->
+ case proplists:get_bool(Curve, CryptoCurves) of
+ true -> [pubkey_cert_records:namedCurves(Curve)|Curves];
+ false -> Curves
+ end
+ end, [], TLSCurves).
%% ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005)
oid_to_enum(?sect163k1) -> 1;