diff options
author | Victor <[email protected]> | 2016-06-07 13:23:20 +0300 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2016-10-09 00:05:09 +0200 |
commit | f8c1e190faf4d24a94a5ba652dc4e82ad0350a77 (patch) | |
tree | 393043f3227ce2e4faa9b236b84e2a12a45609ce | |
parent | 0b5f146d9add271c5edb12eccbd227201a0b8e1b (diff) | |
download | ranch-f8c1e190faf4d24a94a5ba652dc4e82ad0350a77.tar.gz ranch-f8c1e190faf4d24a94a5ba652dc4e82ad0350a77.tar.bz2 ranch-f8c1e190faf4d24a94a5ba652dc4e82ad0350a77.zip |
Make values for the TLS 1.2 signature_algorithms extension configurable
Added in ssl-7.3.1 (OTP-13261). Documented in ssl-8.0.
-rw-r--r-- | doc/src/manual/ranch_ssl.asciidoc | 3 | ||||
-rw-r--r-- | src/ranch_ssl.erl | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/doc/src/manual/ranch_ssl.asciidoc b/doc/src/manual/ranch_ssl.asciidoc index 55accad..07b835a 100644 --- a/doc/src/manual/ranch_ssl.asciidoc +++ b/doc/src/manual/ranch_ssl.asciidoc @@ -39,6 +39,7 @@ ssl_opt() = {alpn_preferred_protocols, [binary()]} | {reuse_session, fun()} | {reuse_sessions, boolean()} | {secure_renegotiate, boolean()} + | {signature_algs, [{atom(), atom()}]} | {sni_fun, fun()} | {sni_hosts, [{string(), ssl_opt()}]} | {user_lookup_fun, {fun(), any()}} @@ -116,6 +117,8 @@ reuse_sessions (false):: Whether to allow session reuse. secure_renegotiate (false):: Whether to reject renegotiation attempts that do not conform to RFC5746. +signature_algs:: + The TLS signature algorithm extension may be used, from TLS 1.2, to negotiate which signature algorithm to use during the TLS handshake. sni_fun:: Function called when the client requests a host using Server Name Indication. Returns options to apply. sni_hosts:: diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl index e9bbff2..8fe09dc 100644 --- a/src/ranch_ssl.erl +++ b/src/ranch_ssl.erl @@ -61,6 +61,7 @@ | {reuse_session, fun()} | {reuse_sessions, boolean()} | {secure_renegotiate, boolean()} + | {signature_algs, [{atom(), atom()}]} | {sni_fun, fun()} | {sni_hosts, [{string(), ssl_opt()}]} | {user_lookup_fun, {fun(), any()}} @@ -105,7 +106,7 @@ listen_options() -> dh, dhfile, fail_if_no_peer_cert, hibernate_after, honor_cipher_order, key, keyfile, log_alert, next_protocols_advertised, partial_chain, password, psk_identity, reuse_session, reuse_sessions, secure_renegotiate, - sni_fun, sni_hosts, user_lookup_fun, verify, verify_fun, versions + signature_algs, sni_fun, sni_hosts, user_lookup_fun, verify, verify_fun, versions |ranch_tcp:listen_options()]. -spec accept(ssl:sslsocket(), timeout()) |