From df5280ac94110458381594cbc8dfa3fe31898622 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Thu, 4 Jan 2018 11:52:05 +0100
Subject: ssl: RSA key exchange is considered broken do not support by default

---
 lib/ssl/src/tls_v1.erl | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

(limited to 'lib/ssl/src/tls_v1.erl')

diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index a8fe119bf8..af3f037477 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -202,7 +202,6 @@ suites(Minor) when Minor == 1; Minor == 2 ->
       ?TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
       ?TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
       ?TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-      ?TLS_RSA_WITH_AES_256_CBC_SHA,
 
       ?TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
       ?TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
@@ -210,15 +209,13 @@ suites(Minor) when Minor == 1; Minor == 2 ->
       ?TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
       ?TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
       ?TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-      ?TLS_RSA_WITH_AES_128_CBC_SHA,
 
       ?TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
       ?TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
       ?TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
       ?TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
       ?TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_RSA_WITH_3DES_EDE_CBC_SHA
+      ?TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
     ];
 suites(3) ->
     [?TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -238,8 +235,6 @@ suites(3) ->
      ?TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
      ?TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
      ?TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
-     ?TLS_RSA_WITH_AES_256_GCM_SHA384,
-     ?TLS_RSA_WITH_AES_256_CBC_SHA256,
 
      ?TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
      ?TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -253,9 +248,7 @@ suites(3) ->
      ?TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
      ?TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
      ?TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-     ?TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
-     ?TLS_RSA_WITH_AES_128_GCM_SHA256,
-     ?TLS_RSA_WITH_AES_128_CBC_SHA256
+     ?TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
 
      %% not supported
      %% ?TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
@@ -264,8 +257,6 @@ suites(3) ->
      %% ?TLS_DH_DSS_WITH_AES_128_GCM_SHA256
     ] ++ suites(2).
 
-
-
 signature_algs({3, 3}, HashSigns) ->
     CryptoSupports =  crypto:supports(),
     Hashes = proplists:get_value(hashs, CryptoSupports),
-- 
cgit v1.2.3