[erlang-patches] TLS 1.2 hash fixes

Andreas Schultz <>
Sun Oct 28 15:36:34 CET 2012


Hi,

Here is an update to the sha224 ssl branch:
https://github.com/RoadRunnr/otp/compare/master...ssl-sha224-fixes

Tree is correctly based on master now.

I have dropped the hash_size changes. After reviewing the call patch
for hash_size, it became apparent that the original comment is correct.
I am absolutely sure that I did hit hash_size with a stronger hash, but
I am unable to reproduce it. So it is probably better to leave that alone.

The other change still applies.

Andreas

----- Original Message -----
> First and foremost:
> You should not base any branches on a ' pu' branch, as they will
> frequently be rebuilt from scratch on top of the current development
> branch.
> Base branches upon 'master' or 'maint' depending on where we are in
> the release cycle and if it is a feature or a bug etc.
> More information here:
> https://github.com/erlang/otp/wiki/Submitting-patches
> 
> Secondly: Thank you for your contribution, I have rebased your branch
> upon 'master' and included it in 'master-pu'
> 
> If this are to be included in master, you will most likely have to
> add this in the documentation, and in the test.
> 
> 
> 
> On 10/18/2012 07:24 PM, Andreas Schultz wrote:
> 
> 
> 
> Hi,
> 
> Here are two changes to improve TLS 1.2 higher strength sha hashes.
> 
> There is this comment in ssl_cipher:
> 
> %% Currently no supported cipher suites defaults to sha384 or sha512
> %% so these clauses are not needed at the moment.
> 
> I'm afraid that this is wrong. With TLS 1.2 the actual hash being
> used
> can be negotiated and is not longer fixed to the one specified in the
> cipher suite. So it is possible to end up with a stronger cipher even
> when we don't default to one.
> 
> The other change adds sha224 to list of support and announced
> ciphers.
> It might not be as good as sha256, but should still be stronger that
> sha1.
> https://github.com/RoadRunnr/otp/compare/master-pu...ssl-sha224-fixes
> https://github.com/RoadRunnr/otp/compare/master-pu...ssl-sha224-fixes.patch
> Both changes should apply cleanly on master and master-pu.
> 
> Andreas
> 
> --
> /Henrik Nord Erlang/OTP
> 
> First and foremost:
> You should *not* base any branches on a '|pu'| branch, as they will
> frequently be rebuilt from scratch on top of the current development
> branch.
> Base branches upon 'master' or 'maint' depending on where we are in
> the
> release cycle and if it is a feature or a bug etc.
> More information here:
> https://github.com/erlang/otp/wiki/Submitting-patches
> 
> Secondly: Thank you for your contribution, I have rebased your branch
> upon 'master' and included it in 'master-pu'
> 
> If this are to be included in master, you will most likely have to
> add
> this in the documentation, and in the test.
> 
> 
> 
> On 10/18/2012 07:24 PM, Andreas Schultz wrote:
> > Hi,
> >
> > Here are two changes to improve TLS 1.2 higher strength sha hashes.
> >
> > There is this comment in ssl_cipher:
> >
> > %% Currently no supported cipher suites defaults to sha384 or
> > sha512
> > %% so these clauses are not needed at the moment.
> >
> > I'm afraid that this is wrong. With TLS 1.2 the actual hash being
> > used
> > can be negotiated and is not longer fixed to the one specified in
> > the
> > cipher suite. So it is possible to end up with a stronger cipher
> > even
> > when we don't default to one.
> >
> > The other change adds sha224 to list of support and announced
> > ciphers.
> > It might not be as good as sha256, but should still be stronger
> > that
> > sha1.
> >
> > https://github.com/RoadRunnr/otp/compare/master-pu...ssl-sha224-fixes
> > https://github.com/RoadRunnr/otp/compare/master-pu...ssl-sha224-fixes.patch
> >
> > Both changes should apply cleanly on master and master-pu.
> >
> > Andreas
> 
> --
> /Henrik Nord Erlang/OTP
> 
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: 
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------


More information about the erlang-patches mailing list