From 263e1ab8a7e1a36481b4526bdb933e0fa2998953 Mon Sep 17 00:00:00 2001
From: Andreas Schultz <aschultz@tpip.net>
Date: Sun, 8 Apr 2012 03:55:39 +0200
Subject: ssl: Enable TLS 1.2

---
 lib/ssl/src/ssl.erl          | 3 ++-
 lib/ssl/src/ssl_internal.hrl | 8 ++++----
 lib/ssl/src/ssl_record.erl   | 4 ++++
 3 files changed, 10 insertions(+), 5 deletions(-)

(limited to 'lib/ssl')

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index d645d89a68..5bd382b8c4 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -719,7 +719,8 @@ validate_option(Opt, Value) ->
     
 validate_versions([], Versions) ->
     Versions;
-validate_versions([Version | Rest], Versions) when Version == 'tlsv1.1'; 
+validate_versions([Version | Rest], Versions) when Version == 'tlsv1.2';
+                                                   Version == 'tlsv1.1';
                                                    Version == tlsv1; 
                                                    Version == sslv3 ->
     validate_versions(Rest, Versions);					   
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 18cfcdcd68..87f85c5775 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -34,7 +34,7 @@
 -type host()		  :: inet:ip_address() | inet:hostname().
 -type session_id()        :: 0 | binary().
 -type tls_version()       :: {integer(), integer()}.
--type tls_atom_version()  :: sslv3 | tlsv1.
+-type tls_atom_version()  :: sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2'.
 -type certdb_ref()        :: reference().
 -type db_handle()         :: term().
 -type key_algo()          :: null | rsa | dhe_rsa | dhe_dss | dh_anon.
@@ -69,11 +69,11 @@
 -define(TRUE, 0).
 -define(FALSE, 1).
 
--define(DEFAULT_SUPPORTED_VERSIONS, [tlsv1, sslv3]). % TODO: This is temporary
-%-define(DEFAULT_SUPPORTED_VERSIONS, ['tlsv1.1', tlsv1, sslv3]).
+-define(DEFAULT_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]). % TODO: This is temporary
+%-define(DEFAULT_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]).
 
 -record(ssl_options, {
-	  versions,   % 'tlsv1.1' | tlsv1 | sslv3
+	  versions,   % 'tlsv1.2' | 'tlsv1.1' | tlsv1 | sslv3
 	  verify,     %   verify_none | verify_peer
 	  verify_fun, % fun(CertVerifyErrors) -> boolean()
 	  fail_if_no_peer_cert, % boolean()
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index 4cf962c9ea..3bfcff5517 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -383,6 +383,8 @@ get_tls_records_aux(Data, Acc) ->
 %% Description: Creates a protocol version record from a version atom
 %% or vice versa.
 %%--------------------------------------------------------------------
+protocol_version('tlsv1.2') ->
+    {3, 3};
 protocol_version('tlsv1.1') ->
     {3, 2};
 protocol_version(tlsv1) ->
@@ -391,6 +393,8 @@ protocol_version(sslv3) ->
     {3, 0};
 protocol_version(sslv2) -> %% Backwards compatibility
     {2, 0};
+protocol_version({3, 3}) ->
+    'tlsv1.2';
 protocol_version({3, 2}) ->
     'tlsv1.1';
 protocol_version({3, 1}) ->
-- 
cgit v1.2.3