File 1233-ssl-renegotiate-1should-return-error-for-tls1.3.patch of Package erlang
From 8754a01ce296052e1ffa87f2ffd9c386050278f3 Mon Sep 17 00:00:00 2001 From: anupamasingh10 <anupamasingh31@gmail.com> Date: Mon, 20 Mar 2023 09:28:46 +0100 Subject: [PATCH 1/2] ssl:renegotiate/1should return error for tls1.3 --- lib/ssl/doc/src/ssl.xml | 6 ++++++ lib/ssl/src/ssl.erl | 17 +++++++++++------ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index ba2bcc15b2..fe9bf8cd15 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -2008,6 +2008,12 @@ fun(srp, Username :: binary(), UserState :: term()) -> <c>{error, renegotiation_rejected}</c> indicating that the peer refused to go through with the renegotiation, but the connection is still active using the previously negotiated session.</p> + <p>TLS-1.3 has removed the renegotiate feature of earlier TLS versions + and instead adds a new feature called key update that replaces the most + important part of renegotiate, that is the refreshing of session keys. + This is triggered automatically after reaching a plaintext limit and + can be configured by option <seetype marker="ssl:ssl#key_update_at">key_update_at</seetype>. + </p> </desc> </func> diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 8050b354bd..44d1a0c24f 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl 
@@ -1346,13 +1346,18 @@ versions() -> %% %% Description: Initiates a renegotiation. %%-------------------------------------------------------------------- -renegotiate(#sslsocket{pid = [Pid, Sender |_]}) when is_pid(Pid), +renegotiate(#sslsocket{pid = [Pid, Sender |_]} = Socket) when is_pid(Pid), is_pid(Sender) -> - case tls_sender:renegotiate(Sender) of - {ok, Write} -> - tls_dtls_connection:renegotiation(Pid, Write); - Error -> - Error + case ssl:connection_information(Socket, [protocol]) of + {ok, [{protocol, 'tlsv1.3'}]} -> + {error, notsup}; + _ -> + case tls_sender:renegotiate(Sender) of + {ok, Write} -> + tls_dtls_connection:renegotiation(Pid, Write); + Error -> + Error + end end; renegotiate(#sslsocket{pid = [Pid |_]}) when is_pid(Pid) -> tls_dtls_connection:renegotiation(Pid); -- 2.35.3
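Review bot: the new `<p>` added to the renegotiate description in lib/ssl/doc/src/ssl.xml explains that TLS-1.3 removed renegotiation, but it never says what the function returns on a TLS-1.3 connection. A caller reading only the documentation will not learn about `{error, notsup}`. Suggest adding one sentence stating that return value, next to the existing `<c>{error, renegotiation_rejected}</c>` text, so the documented error cases match the code change in ssl.erl.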
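Review bot: in the first renegotiate/1 clause in lib/ssl/src/ssl.erl, the `_ ->` branch of the new case also matches an `{error, Reason}` result from `ssl:connection_information(Socket, [protocol])`, so a failed protocol lookup silently falls through to `tls_sender:renegotiate(Sender)`. Consider matching the successful non-1.3 result explicitly and returning the error as it is otherwise. The second clause, `renegotiate(#sslsocket{pid = [Pid |_]})`, is unchanged and has no version check; either apply the same guard there or add a comment saying why a TLS-1.3 socket cannot reach it. Minor style point: the call is module-qualified from inside ssl.erl, where a local call `connection_information(Socket, [protocol])` would do.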