File 3951-ssl-Remove-less-that-256-bit-ECC-from-defa... of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 3951-ssl-Remove-less-that-256-bit-ECC-from-default-suppor.patch of Package erlang

From 462840f8e26d22ef9164ada13489b6b910a25189 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 24 Mar 2023 09:25:03 +0100
Subject: [PATCH] ssl: Remove less that 256 bit ECC from default supported ECC
 pre TLS-1.3

TLS-1.3 already does not support such curves
---
 lib/ssl/doc/src/ssl.xml | 4 ++++
 lib/ssl/src/ssl.erl     | 6 ++++--
 lib/ssl/src/tls_v1.erl  | 5 +----
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index ea4e458ea6..3574ae91ac 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -228,6 +228,10 @@
       <name name="named_curve"/>
      </datatype>
 
+     <datatype>
+       <name name="legacy_named_curve"/>
+     </datatype>
+     
      <datatype>
        <name name="psk_identity"/>
      </datatype>
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 29d0cb0a32..e9cf2b0642 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -246,7 +246,9 @@
                                  brainpoolP256r1 |
                                  secp256k1 |
                                  secp256r1 |
-                                 sect239k1 |
+                                 legacy_named_curve(). % exported
+
+-type legacy_named_curve()  ::   sect239k1 |
                                  sect233k1 |
                                  sect233r1 |
                                  secp224k1 |
@@ -260,7 +262,7 @@
                                  sect163r2 |
                                  secp160k1 |
                                  secp160r1 |
-                                 secp160r2. % exported
+                                 secp160r2.
 
 -type group() :: x25519 | x448 | secp256r1 | secp384r1 | secp521r1 | ffdhe2048 |
                  ffdhe3072 | ffdhe4096 | ffdhe6144 | ffdhe8192. % exported
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index c3493f6ebe..502410182b 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -1126,10 +1126,7 @@ is_pair(_,_,_) ->
 ecc_curves(all) ->
     [sect571r1,sect571k1,secp521r1,brainpoolP512r1,
      sect409k1,sect409r1,brainpoolP384r1,secp384r1,
-     sect283k1,sect283r1,brainpoolP256r1,secp256k1,secp256r1,
-     sect239k1,sect233k1,sect233r1,secp224k1,secp224r1,
-     sect193r1,sect193r2,secp192k1,secp192r1,sect163k1,
-     sect163r1,sect163r2,secp160k1,secp160r1,secp160r2];
+     sect283k1,sect283r1,brainpoolP256r1,secp256k1,secp256r1];
 
 ecc_curves(Minor) ->
     TLSCurves = ecc_curves(all),
-- 
2.35.3

Places

File 3951-ssl-Remove-less-that-256-bit-ECC-from-default-suppor.patch of Package erlang

Places