From 5667810578357122b3a49949c3e7826f652833c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= Date: Fri, 16 Nov 2018 09:36:08 +0100 Subject: ssl: Fix default values of "signature_algs" - Add function for special handling of default values of "signature_algs" in TLS 1.3. This change adds default values for "signature_algs" even for TLS 1.3 clients as they must send the "signature_algs" extension when a server authenticates itself via a certificate. - Use "signature schemes" as default instead of the old hash-signature algorithms tuple when using TLS 1.3. Change-Id: I296593b16610fd7a18a4ae3f3bac63c2fad06fbd --- lib/ssl/src/tls_v1.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssl/src/tls_v1.erl') diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl index 8618355089..83dd7585dd 100644 --- a/lib/ssl/src/tls_v1.erl +++ b/lib/ssl/src/tls_v1.erl @@ -346,8 +346,8 @@ signature_algs({3, 3}, HashSigns) -> end, [], HashSigns), lists:reverse(Supported). -default_signature_algs({3, 4}) -> - default_signature_algs({3, 3}); +default_signature_algs({3, 4} = Version) -> + default_signature_schemes(Version); default_signature_algs({3, 3} = Version) -> Default = [%% SHA2 {sha512, ecdsa}, -- cgit v1.2.3