Package: yaws / 2.0.8+dfsg-3

erlang-23.patch Patch series | download
From: Sergei Golovan <sgolovan@debian.org>
Subject: Fix for Erlang 23 where ssl:cipher_suites/0 has been deprecated
Last-Modified: Sun, 21 Jun 2020 22:32:09 +0300

--- a/src/yaws_config.erl
+++ b/src/yaws_config.erl
@@ -2068,7 +2068,10 @@
         ["ciphers", '=', Val] ->
             try
                 L = str2term(Val),
-                Ciphers = ssl:cipher_suites(),
+                Ciphers = ssl:cipher_suites(default, tlsv1) ++
+                          ssl:cipher_suites(default, 'tlsv1.1') ++
+                          ssl:cipher_suites(default, 'tlsv1.2') ++
+                          ssl:cipher_suites(default, 'tlsv1.3'),
                 case check_ciphers(L, Ciphers) of
                     ok ->
                         C1 = C#sconf{ssl = (C#sconf.ssl)#ssl{ciphers = L}},
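Review bot: The allowed set built here is the union of ssl's `default` suites for four hard-coded protocol versions, so the check is independent of the protocol versions this virtual server is configured to offer. It also rejects any suite that ssl supports but leaves out of its defaults. Nothing in the hunk says whether either effect is intended, so a comment above the assignment would help, for example `%% Accept only suites ssl enables by default for TLS 1.0-1.3; not filtered by this server's configured protocol versions`. The version atoms must also be known to the runtime's ssl application. On a release that lacks `'tlsv1.3'` the call presumably raises inside this `try`, whose catch clauses lie outside the hunk, so it is worth confirming that the resulting message does not blame the operator's cipher list.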
@@ -3554,7 +3557,13 @@
 check_ciphers([], _) ->
     ok;
 check_ciphers([Spec|Specs], L) ->
-    case lists:member(Spec, L) of
+    MapSpec = case Spec of
+                  Tuple when is_tuple(Spec) ->
+                      tuple_to_map(Tuple);
+                  Other ->
+                      Other
+              end,
+    case lists:member(MapSpec, L) of
         true ->
             check_ciphers(Specs, L);
         false ->
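Review bot: The new `case` in check_ciphers/2 hands every tuple to tuple_to_map/1, which only has clauses for 3- and 4-element tuples, so a cipher spec tuple of any other size raises function_clause instead of reaching the `false` branch. The caller wraps the check in a `try` whose catch clauses are not visible, so the message an operator gets for a malformed entry may be less specific than before. Matching the shapes explicitly keeps the old behaviour: `{_, _, _} -> tuple_to_map(Spec);`, `{_, _, _, _} -> tuple_to_map(Spec);`, `_ -> Spec`. The guard also tests `Spec` while binding `Tuple`, which reads oddly. The body of the `false` branch continues outside the hunk.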
@@ -3563,6 +3572,29 @@
 check_ciphers(X,_) ->
     {error, ?F("Bad cipherspec ~p",[X])}.
 
+% tuple_to_map is borrowed from erlang/ssl.erl
+
+tuple_to_map({Kex, Cipher, Mac}) ->
+    #{key_exchange => Kex,
+      cipher => Cipher,
+      mac => Mac,
+      prf => default_prf};
+tuple_to_map({Kex, Cipher, Mac, Prf}) ->
+    #{key_exchange => Kex,
+      cipher => Cipher,
+      mac => tuple_to_map_mac(Cipher, Mac),
+      prf => Prf}.
+
+%% Backwards compatible
+tuple_to_map_mac(aes_128_gcm, _) -> 
+    aead;
+tuple_to_map_mac(aes_256_gcm, _) -> 
+    aead;
+tuple_to_map_mac(chacha20_poly1305, _) ->
+    aead;
+tuple_to_map_mac(_, MAC) ->
+    MAC.
+
 check_eccs(From_conf, Available) ->
     case From_conf -- Available of
         [] -> ok;
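Review bot: The copied tuple_to_map/1 and tuple_to_map_mac/2 tie this validation to the exact map shape that ssl returns, because `lists:member/2` in check_ciphers/2 needs full term equality. If a later ssl release adds a key or changes a default, every tuple-form spec would presumably fail validation without any code change here. The header comment should record where the copy came from and why it must stay in step, for example `%% Copied from OTP ssl.erl (release <OTP_VERSION>); must produce the same maps as ssl:cipher_suites/2`. A `-spec` on tuple_to_map/1 would also document that only 3- and 4-element tuples are accepted.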