Created
May 17, 2024 17:46
-
-
Save yonashaile/58b972b58c05a91300e8072cd6e091c2 to your computer and use it in GitHub Desktop.
Remove unsupported FIPS crypto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl | |
index 01f8562..a60ebab 100644 | |
--- a/lib/ssl/src/tls_record.erl | |
+++ b/lib/ssl/src/tls_record.erl | |
@@ -431,7 +431,6 @@ sufficient_crypto_support(CryptoSupport, 'tlsv1.3') -> | |
is_algorithm_supported(CryptoSupport, Group, Algorithm) | |
end, | |
L = [{ciphers, aes_gcm}, %% TLS_AES_*_GCM_* | |
- {ciphers, chacha20_poly1305}, %% TLS_CHACHA20_POLY1305_SHA256 | |
{hashs, sha256}, %% TLS_AES_128_GCM_SHA256 | |
{hashs, sha384}, %% TLS_AES_256_GCM_SHA384 | |
{rsa_opts, rsa_pkcs1_padding}, %% rsa_pkcs1_sha256 | |
@@ -442,8 +441,7 @@ sufficient_crypto_support(CryptoSupport, 'tlsv1.3') -> | |
{public_keys, rsa}, | |
{public_keys, ecdsa}, | |
%% {public_keys, eddsa}, %% TODO | |
- {curves, secp256r1}, %% key exchange with secp256r1 | |
- {curves, x25519}], %% key exchange with X25519 | |
+ {curves, secp256r1}], %% key exchange with secp256r1 | |
lists:all(Fun, L); | |
sufficient_crypto_support(CryptoSupport, Version) -> | |
sufficient_crypto_support(CryptoSupport, protocol_version(Version)). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment