File 2136-ssl-Remove-default-support-for-use-of-md5-in-TLS-1.2.patch of Package erlang

From 9a834cff78e3f4e33b561304c83de717019f5a4d Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 5 Apr 2016 07:50:01 +0200
Subject: [PATCH 2/2] ssl: Remove default support for use of md5 in TLS 1.2
 signature algorithms

---
 lib/ssl/doc/src/ssl.xml | 4 +---
 lib/ssl/src/tls_v1.erl  | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 17842c7..53d534e 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -548,13 +548,11 @@ fun(srp, Username :: string(), UserState :: term()) ->
 {sha, ecdsa},
 {sha, rsa},
 {sha, dsa},
-%% MD5
-{md5, rsa}
 ]</code>
 	
 	The algorithms should be in the preferred order.
 	Selected signature algorithm can restrict which hash functions
-	that may be selected.
+	that may be selected. Default support for {md5, rsa} removed in ssl-8.0
 	</p>
 	</item>
       </taglist>
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 0cf6f88..03cef63 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -298,9 +298,7 @@ default_signature_algs({3, 3} = Version) ->
 	       %% SHA
 	       {sha, ecdsa},
 	       {sha, rsa},
-	       {sha, dsa},
-	       %% MD5
-	       {md5, rsa}],
+	       {sha, dsa}],
     signature_algs(Version, Default);
 default_signature_algs(_) ->
     undefined.
-- 
2.1.4

Places

File 2136-ssl-Remove-default-support-for-use-of-md5-in-TLS-1.2.patch of Package erlang

Places