[erlang-patches] TLS 1.2 hash fixes

Andreas Schultz aschultz@REDACTED
Thu Oct 18 19:24:53 CEST 2012


Hi,

Here are two changes to improve TLS 1.2 higher strength sha hashes.

There is this comment in ssl_cipher:	

%% Currently no supported cipher suites defaults to sha384 or sha512
%% so these clauses are not needed at the moment.

I'm afraid that this is wrong. With TLS 1.2 the actual hash being used
can be negotiated and is not longer fixed to the one specified in the
cipher suite. So it is possible to end up with a stronger cipher even
when we don't default to one.

The other change adds sha224 to list of support and announced ciphers.
It might not be as good as sha256, but should still be stronger that
sha1.

https://github.com/RoadRunnr/otp/compare/master-pu...ssl-sha224-fixes
https://github.com/RoadRunnr/otp/compare/master-pu...ssl-sha224-fixes.patch

Both changes should apply cleanly on master and master-pu.

Andreas
-- 
-- 
Dipl. Inform.
Andreas Schultz




More information about the erlang-patches mailing list