From ebfd862f47611fa17be72cad1afcd6a13f14bc4d Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 14 Mar 2014 15:06:58 +0100 Subject: ssl: Server now ignores client ECC curves that it does not support instead of crashing. When TLS client sends Supported Elliptic Curves Client Hello Extension the server shall select a curve supported by both sides or refuse to negotiate the use of an ECC cipher suite. --- lib/ssl/src/tls_v1.erl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/ssl/src/tls_v1.erl') diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl index 7c7fdd64c3..7b1f53b969 100644 --- a/lib/ssl/src/tls_v1.erl +++ b/lib/ssl/src/tls_v1.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2013. All Rights Reserved. +%% Copyright Ericsson AB 2007-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -439,7 +439,9 @@ enum_to_oid(24) -> ?secp384r1; enum_to_oid(25) -> ?secp521r1; enum_to_oid(26) -> ?brainpoolP256r1; enum_to_oid(27) -> ?brainpoolP384r1; -enum_to_oid(28) -> ?brainpoolP512r1. +enum_to_oid(28) -> ?brainpoolP512r1; +enum_to_oid(_) -> + undefined. sufficent_ec_support() -> CryptoSupport = crypto:supports(), -- cgit v1.2.3