Skip to content

Instantly share code, notes, and snippets.

@Vagabond

Vagabond/tls_connection.erl.diff

Last active December 24, 2015 17:38
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Vagabond/6836706 to your computer and use it in GitHub Desktop.
Save Vagabond/6836706 to your computer and use it in GitHub Desktop.
Download ZIP
TLS connection patch to correctly negotiate ECC curves.
Raw
tls_connection.erl.diff
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 5618837..42fc099 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -415,11 +415,16 @@ hello(Hello = #client_hello{client_version = ClientVersion,
ConnectionStates0, Cert}, Renegotiation) of
{Version, {Type, #session{cipher_suite = CipherSuite} = Session},
ConnectionStates,
- #hello_extensions{ec_point_formats = EcPointFormats,
- elliptic_curves = EllipticCurves} = ServerHelloExt} ->
+ #hello_extensions{ec_point_formats = EcPointFormats} = ServerHelloExt} ->
{KeyAlg, _, _, _} = ssl_cipher:suite_definition(CipherSuite),
+ EllipticCurves = case (Hello#client_hello.extensions)#hello_extensions.elliptic_curves of
+ {elliptic_curves, Curves} ->
+ Curves;
+ _ ->
+ undefined
+ end,
NegotiatedHashSign = negotiated_hashsign(HashSign, KeyAlg, Version),
- do_server_hello(Type, ServerHelloExt,
+ do_server_hello(Type, ServerHelloExt#hello_extensions{elliptic_curves=undefined},
State#state{connection_states = ConnectionStates,
negotiated_version = Version,
session = Session,
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment