nickva commented on a change in pull request #5:
URL: https://github.com/apache/couchdb-mochiweb/pull/5#discussion_r643219360



##########
File path: src/mochiweb_socket.erl
##########
@@ -29,11 +29,43 @@ listen(Ssl, Port, Opts, SslOpts) ->
             gen_tcp:listen(Port, Opts)
     end.
 
+-ifdef(new_crypto_unavailable).
 add_unbroken_ciphers_default(Opts) ->
     Default = filter_unsecure_cipher_suites(ssl:cipher_suites()),
     Ciphers = filter_broken_cipher_suites(proplists:get_value(ciphers, Opts, 
Default)),
     [{ciphers, Ciphers} | proplists:delete(ciphers, Opts)].
 
+%% Filter old map style cipher suites
+filter_unsecure_cipher_suites(Ciphers) ->
+    lists:filter(fun
+                    ({_,des_cbc,_}) -> false;
+                    ({_,_,md5}) -> false;
+                    (_) -> true
+                 end,
+                 Ciphers).
+
+-else.
+add_unbroken_ciphers_default(Opts) ->
+    %% add_safe_protocol_versions/1 must have been called to ensure a 
{versions, _} tuple is present
+    Versions = proplists:get_value(versions, Opts),
+    CipherSuites = lists:append([ssl:cipher_suites(all, Version) || Version <- 
Versions]),
+    Default = filter_unsecure_cipher_suites(CipherSuites),
+    Ciphers = filter_broken_cipher_suites(proplists:get_value(ciphers, Opts, 
Default)),
+    [{ciphers, Ciphers} | proplists:delete(ciphers, Opts)].
+
+%% Filter new map style cipher suites
+filter_unsecure_cipher_suites(Ciphers) ->
+    lists:filter(fun
+                    ({_,des_cbc,_}) -> false;
+                    ({_,_,md5}) -> false;
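Review bot: In the `-else.` branch of add_unbroken_ciphers_default/1 the default list is built from `ssl:cipher_suites(all, Version)`, whereas the old branch starts from `ssl:cipher_suites()`. As far as I know, `all` also returns suites that OTP supports but deliberately leaves out of its own defaults, and the filter clauses visible here drop only `des_cbc` and `md5`. Unless the rest of the filter (cut off in this quoted hunk) removes them, weaker suites could end up in the default list whenever the caller passes no `ciphers` option. Starting from OTP's defaults would avoid that: `CipherSuites = lists:append([ssl:cipher_suites(default, Version) || Version <- Versions]),`. If `all` is intentional, a one-line comment saying why would help the next reader.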

Review comment:
       Probably don't need to check for tuples here if this block is included 
in the `-else. ...` section with the new crypto.



