diff options
author | Klaus Trainer <[email protected]> | 2013-07-17 22:15:31 +0200 |
---|---|---|
committer | Klaus Trainer <[email protected]> | 2013-07-24 14:58:10 +0200 |
commit | c0c09a13112f21cde05f2c4b0fff641addd15bb6 (patch) | |
tree | 74661387a5e21ecca336b0a689b8fbceb0d6045d /src/ranch_ssl.erl | |
parent | 1cfc4ed0acab89b9531ac36f5ff06eaa862c6cd2 (diff) | |
download | ranch-c0c09a13112f21cde05f2c4b0fff641addd15bb6.tar.gz ranch-c0c09a13112f21cde05f2c4b0fff641addd15bb6.tar.bz2 ranch-c0c09a13112f21cde05f2c4b0fff641addd15bb6.zip |
Work around broken elliptic-curve cipher suites
Unfortunately the implementation of elliptic-curve ciphers that has
been introduced in R16B01 is incomplete. Depending on the particular
client, this can cause the TLS handshake to break during key agreement.
As it turns out that most popular browsers (e.g. Firefox, Chromium,
and Safari) are affected by this bug, we provide this workaround.
This workaround makes sure that only cipher suite implementations that
are not known to be broken are supported by default.
Diffstat (limited to 'src/ranch_ssl.erl')
-rw-r--r-- | src/ranch_ssl.erl | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl index 512f3b4..98b2f5e 100644 --- a/src/ranch_ssl.erl +++ b/src/ranch_ssl.erl @@ -136,10 +136,11 @@ listen(Opts) -> true = lists:keymember(cert, 1, Opts) orelse lists:keymember(certfile, 1, Opts), Opts2 = ranch:set_option_default(Opts, backlog, 1024), + Opts3 = ranch:set_option_default(Opts2, ciphers, unbroken_cipher_suites()), %% We set the port to 0 because it is given in the Opts directly. %% The port in the options takes precedence over the one in the %% first argument. - ssl:listen(0, ranch:filter_options(Opts2, + ssl:listen(0, ranch:filter_options(Opts3, [backlog, cacertfile, cacerts, cert, certfile, ciphers, fail_if_no_peer_cert, ip, key, keyfile, next_protocols_advertised, nodelay, password, port, raw, reuse_session, reuse_sessions, @@ -269,3 +270,20 @@ ssl_accept(Socket, Timeout) -> {error, Reason} -> {error, {ssl_accept, Reason}} end. + +%% Unfortunately the implementation of elliptic-curve ciphers that has +%% been introduced in R16B01 is incomplete. Depending on the particular +%% client, this can cause the TLS handshake to break during key +%% agreement. Depending on the ssl application version, this function +%% returns a list of all cipher suites that are supported by default, +%% minus the elliptic-curve ones. +-spec unbroken_cipher_suites() -> [ssl:erl_cipher_suite()]. +unbroken_cipher_suites() -> + case proplists:get_value(ssl_app, ssl:versions()) of + "5.3" -> + lists:filter(fun(Suite) -> + string:left(atom_to_list(element(1, Suite)), 4) =/= "ecdh" + end, ssl:cipher_suites()); + _ -> + ssl:cipher_suites() + end. |