You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2021/06/01 15:35:51 UTC

[GitHub] [couchdb-mochiweb] nickva commented on a change in pull request #5: Upgrade crypto functions to support OTP 23

nickva commented on a change in pull request #5:
URL: https://github.com/apache/couchdb-mochiweb/pull/5#discussion_r643219360



##########
File path: src/mochiweb_socket.erl
##########
@@ -29,11 +29,43 @@ listen(Ssl, Port, Opts, SslOpts) ->
             gen_tcp:listen(Port, Opts)
     end.
 
+-ifdef(new_crypto_unavailable).
 add_unbroken_ciphers_default(Opts) ->
     Default = filter_unsecure_cipher_suites(ssl:cipher_suites()),
     Ciphers = filter_broken_cipher_suites(proplists:get_value(ciphers, Opts, Default)),
     [{ciphers, Ciphers} | proplists:delete(ciphers, Opts)].
 
+%% Filter old map style cipher suites
+filter_unsecure_cipher_suites(Ciphers) ->
+    lists:filter(fun
+                    ({_,des_cbc,_}) -> false;
+                    ({_,_,md5}) -> false;
+                    (_) -> true
+                 end,
+                 Ciphers).
+
+-else.
+add_unbroken_ciphers_default(Opts) ->
+    %% add_safe_protocol_versions/1 must have been called to ensure a {versions, _} tuple is present
+    Versions = proplists:get_value(versions, Opts),
+    CipherSuites = lists:append([ssl:cipher_suites(all, Version) || Version <- Versions]),
+    Default = filter_unsecure_cipher_suites(CipherSuites),
+    Ciphers = filter_broken_cipher_suites(proplists:get_value(ciphers, Opts, Default)),
+    [{ciphers, Ciphers} | proplists:delete(ciphers, Opts)].
+
+%% Filter new map style cipher suites
+filter_unsecure_cipher_suites(Ciphers) ->
+    lists:filter(fun
+                    ({_,des_cbc,_}) -> false;
+                    ({_,_,md5}) -> false;

Review comment:
       Probably don't need to check for tuples here if this block is included in the `-else. ...` section with the new new crypto. 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org