Skip to content

Commit

Permalink
Remove bad cipher filter
Browse files Browse the repository at this point in the history
Will be a riak_core responsibility to not, by default, pass bad ciphers.
  • Loading branch information
martinsumner committed Mar 14, 2019
1 parent 5fded60 commit ea64c62
Showing 1 changed file with 7 additions and 8 deletions.
15 changes: 7 additions & 8 deletions src/mochiweb_socket.erl
Original file line number Diff line number Diff line change
Expand Up @@ -35,14 +35,13 @@ add_unbroken_ciphers_default(Opts) ->
[{ciphers, Ciphers} | proplists:delete(ciphers, Opts)].

filter_broken_cipher_suites(Ciphers) ->
case proplists:get_value(ssl_app, ssl:versions()) of
"5.3" ++ _ ->
lists:filter(fun(Suite) ->
string:left(atom_to_list(element(1, Suite)), 4) =/= "ecdh"
end, Ciphers);
_ ->
Ciphers
end.
% This was intended to remove any cipher that has "ecdh", however it makes
% assumptions that the ciphers are passed in their non-binary format e.g.
% without conversion using
% https://github.com/erlang/otp/blob/OTP_R16B03/lib/ssl/src/ssl_cipher.erl#L750-L857
% So we ignore the filter for now. The filter should be re-applied in riak_core
% prior to any conversion.
Ciphers.

filter_unsecure_cipher_suites(Ciphers) ->
lists:filter(fun
Expand Down

0 comments on commit ea64c62

Please sign in to comment.