[erlang-bugs] ssl versions option is order dependent - can incorrectly disable cipher suites
Ingela Anderton Andin
Ingela.Anderton.Andin@REDACTED
Fri May 2 09:04:35 CEST 2014
Hi!
You have a good point. Although in most cases it will be true that
the highest version is at the head of the list, it is not documented
that it has to be or even desirable that we should have such a
dependency. I will change the code to
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 866312f..4dea977 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -637,7 +637,8 @@ handle_options(Opts0, _Role) ->
user_lookup_fun = handle_option(user_lookup_fun, Opts, undefined),
psk_identity = handle_option(psk_identity, Opts, undefined),
srp_identity = handle_option(srp_identity, Opts, undefined),
- ciphers = handle_cipher_option(proplists:get_value(ciphers,
Opts, []), hd(Versions)),
+ ciphers = handle_cipher_option(proplists:get_value(ciphers,
Opts, []),
+ RecordCb:highest_protocol_version(Versions)),
%% Server side option
reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun),
reuse_sessions = handle_option(reuse_sessions, Opts, true),
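Review bot: RecordCb, used in the added call `RecordCb:highest_protocol_version(Versions)`, is not bound in any of the context lines shown, so confirm it is assigned earlier in handle_options before this record is built and that it is bound to the intended module. Since the thread notes the ordering requirement was never documented, it would also help to state in the documentation of the versions option that list order is not significant, and to add a regression test that passes a versions list with 'tlsv1.2' away from the head and checks that the tlsv1.2 cipher suites are still accepted by handle_cipher_option.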
Regards, Ingela
Erlang/OTP Team - Ericsson AB
On 05/01/2014 03:29 PM, Ransom Richardson wrote:
>
> The issue is line 644 in ssl.erl:
>
>
> ciphers = handle_cipher_option(proplists:get_value(ciphers, Opts,
> []), hd(Versions)),
>
> If 'tlsv1.2' is in the versions list but not the head, then any
> tlsv1.2 ciphers will be disabled.
>