From b688f48b13f94b15665e951ee08be5d7f4d07ca7 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 16 Jul 2010 12:02:31 +0200 Subject: Do not check the padding for TLS 1.0 For interoperability reasons we do not check the padding in TLS 1.0 as it is not strictly required and breaks interopability with for instance Google. --- lib/ssl/src/ssl_cipher.erl | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib/ssl/src') diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index a6e80047c2..073c937087 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -506,6 +506,12 @@ generic_stream_cipher_from_bin(T, HashSz) -> is_correct_padding(_, {3, 0}) -> true; +%% For interoperability reasons we do not check the padding in TLS 1.0 as it +%% is not strictly required and breaks interopability with for instance +%% Google. +is_correct_padding(_, {3, 1}) -> + true; +%% Padding must be check in TLS 1.1 and after is_correct_padding(#generic_block_cipher{padding_length = Len, padding = Padding}, _) -> list_to_binary(lists:duplicate(Len, Len)) == Padding. -- cgit v1.2.3