[erlang-questions] TLS 1.2 hash and signature selection

Ingela Andin ingela.andin@REDACTED
Thu Apr 28 11:51:34 CEST 2016


Hi!

No I think your understanding is correct. It ought to be (Major >= 3)
andalso (Minor >= 3)
Alas it seems the positive test case will succeeded in spite of this,
embarrassing  :(
Good we caught it before 19 :), and 18.3.2 needs to be patched anyway ;)

Regards Ingela OTP/Team - Ericsson AB


2016-04-28 9:57 GMT+02:00 Andreas Schultz <aschultz@REDACTED>:

> Hi,
>
> I'm trying to understand how this code in tls_handshake.erl is
> supposed to work:
>
> available_signature_algs(undefined, SupportedHashSigns, _, {Major, Minor})
> when (Major < 3) andalso (Minor < 3) ->
>     SupportedHashSigns;
> available_signature_algs(#hash_sign_algos{hash_sign_algos =
> ClientHashSigns}, SupportedHashSigns,
>                      _, {Major, Minor}) when (Major < 3) andalso (Minor <
> 3) ->
>     ordsets:intersection(ClientHashSigns, SupportedHashSigns);
> available_signature_algs(_, _, _, _) ->
>     undefined.
>
> The signature extension was introduce in TLS 1.2, but the
> above code seems to perform signature algorithm filtering
> only when the version is lower than TLS 1.2.
>
> Or do I miss something?
>
> Regards
> Andreas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160428/55691ca6/attachment.htm>


More information about the erlang-questions mailing list