[erlang-questions] TLS 1.2 hash and signature selection
Ingela Andin
ingela.andin@REDACTED
Thu Apr 28 11:51:34 CEST 2016
Hi!
No I think your understanding is correct. It ought to be (Major >= 3)
andalso (Minor >= 3)
Alas it seems the positive test case will succeeded in spite of this,
embarrassing :(
Good we caught it before 19 :), and 18.3.2 needs to be patched anyway ;)
Regards Ingela OTP/Team - Ericsson AB
2016-04-28 9:57 GMT+02:00 Andreas Schultz <aschultz@REDACTED>:
> Hi,
>
> I'm trying to understand how this code in tls_handshake.erl is
> supposed to work:
>
> available_signature_algs(undefined, SupportedHashSigns, _, {Major, Minor})
> when (Major < 3) andalso (Minor < 3) ->
> SupportedHashSigns;
> available_signature_algs(#hash_sign_algos{hash_sign_algos =
> ClientHashSigns}, SupportedHashSigns,
> _, {Major, Minor}) when (Major < 3) andalso (Minor <
> 3) ->
> ordsets:intersection(ClientHashSigns, SupportedHashSigns);
> available_signature_algs(_, _, _, _) ->
> undefined.
>
> The signature extension was introduce in TLS 1.2, but the
> above code seems to perform signature algorithm filtering
> only when the version is lower than TLS 1.2.
>
> Or do I miss something?
>
> Regards
> Andreas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160428/55691ca6/attachment.htm>
More information about the erlang-questions
mailing list