nickva commented on a change in pull request #5:
URL: https://github.com/apache/couchdb-mochiweb/pull/5#discussion_r640043407
##########
File path: src/mochiweb_socket.erl
##########
@@ -29,11 +29,22 @@ listen(Ssl, Port, Opts, SslOpts) ->
gen_tcp:listen(Port, Opts)
end.
+-ifdef(new_ssl_unavailable).
add_unbroken_ciphers_default(Opts) ->
Default = filter_unsecure_cipher_suites(ssl:cipher_suites()),
Ciphers = filter_broken_cipher_suites(proplists:get_value(ciphers, Opts,
Default)),
[{ciphers, Ciphers} | proplists:delete(ciphers, Opts)].
+-else.
+add_unbroken_ciphers_default(Opts) ->
+ CipherSuitesListMap = ssl:cipher_suites(default, 'tlsv1.3'),
+ CipherSuitesList = [{KeyExchange, Cipher, Mac, Prf} || #{cipher := Cipher,
key_exchange := KeyExchange, mac := Mac, prf := Prf} <- CipherSuitesListMap],
+ Default = filter_unsecure_cipher_suites(CipherSuitesList),
+ Ciphers = filter_broken_cipher_suites(proplists:get_value(ciphers, Opts,
Default)),
+ [{ciphers, Ciphers} | proplists:delete(ciphers, Opts)].
Review comment:
It looks like ssl:connect/2,3,... would technically still accept tuples as
cipher suites, at least up to OTP 25:
https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl.erl#L2580-L2582
Still, it is probably better to switch to maps on Erlang versions that
support maps.