Merge branch 'ia/ssl/ECC-curve-selection/OTP-11575' into maint

* ia/ssl/ECC-curve-selection/OTP-11575:
  ssl: Prepare for release
  ssl: fix elliptic curve selection in server mode

4 files changed, 14 insertions, 8 deletions

diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index a0cdebe547..3a64841976 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,7 +1,10 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
-  {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []}]},
+  {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []},
+		 {load_module, ssl_connection, soft_purge, soft_purge, []},
+		 {load_module, ssl_handshake, soft_purge, soft_purge, []},
+		 {load_module, tls_connection, soft_purge, soft_purge, []}]},
   {<<"5.3.1">>, [{restart_application, ssl}]},
   {<<"5.2\\*">>, [{restart_application, ssl}]},
   {<<"5.1\\*">>, [{restart_application, ssl}]},
@@ -10,7 +13,10 @@
   {<<"3\\.*">>, [{restart_application, ssl}]}
  ], 
  [
-  {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []}]},
+  {<<"5.3.2">>, [{load_module, ssl, soft_purge, soft_purge, []},
+		 {load_module, ssl_connection, soft_purge, soft_purge, []},
+		 {load_module, ssl_handshake, soft_purge, soft_purge, []},
+		 {load_module, tls_connection, soft_purge, soft_purge, []}]},
   {<<"5.3.1">>, [{restart_application, ssl}]},
   {<<"5.2\\*">>, [{restart_application, ssl}]},
   {<<"5.1\\*">>, [{restart_application, ssl}]},
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index b7c1b9e8d0..82106935cb 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1597,7 +1597,7 @@ default_hashsign(_Version, KeyExchange)
 select_curve(#state{client_ecc = {[Curve|_], _}}) ->
     {namedCurve, Curve};
 select_curve(_) ->
-    {namedCurve, ?secp256k1}.
+    {namedCurve, ?secp256r1}.
 
 is_anonymous(Algo) when Algo == dh_anon;
 			Algo == ecdh_anon;
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index da72ffc043..f5c0034f1b 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1287,7 +1287,7 @@ select_curve(#elliptic_curves{elliptic_curve_list = ClientCurves},
 select_curve(undefined, _) ->
     %% Client did not send ECC extension use default curve if 
     %% ECC cipher is negotiated
-    {namedCurve, ?secp256k1};
+    {namedCurve, ?secp256r1};
 select_curve(_, []) ->
     no_curve;
 select_curve(Curves, [Curve| Rest]) ->
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 8e6f80da1e..ffa04ee8ba 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -199,7 +199,9 @@ hello(start, #state{host = Host, port = Port, role = client,
     next_state(hello, hello, Record, State);
 
 hello(Hello = #client_hello{client_version = ClientVersion,
-			    extensions = #hello_extensions{hash_signs = HashSigns}},
+			    extensions = #hello_extensions{hash_signs = HashSigns,
+							   ec_point_formats = EcPointFormats,
+							   elliptic_curves = EllipticCurves}},
       State = #state{connection_states = ConnectionStates0,
 		     port = Port, session = #session{own_certificate = Cert} = Session0,
 		     renegotiation = {Renegotiation, _},
@@ -210,9 +212,7 @@ hello(Hello = #client_hello{client_version = ClientVersion,
     case tls_handshake:hello(Hello, SslOpts, {Port, Session0, Cache, CacheCb,
 					      ConnectionStates0, Cert}, Renegotiation) of
         {Version, {Type, Session},
-	 ConnectionStates,
-	 #hello_extensions{ec_point_formats = EcPointFormats,
-			   elliptic_curves = EllipticCurves} = ServerHelloExt} ->
+	 ConnectionStates, ServerHelloExt} ->
             ssl_connection:hello({common_client_hello, Type, ServerHelloExt, HashSign},
 				 State#state{connection_states  = ConnectionStates,
 					     negotiated_version = Version,