diff options
author | Ingela Anderton Andin <[email protected]> | 2018-08-06 13:04:25 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-08-09 16:03:53 +0200 |
commit | 2a5951d47566fde2c82ac85088f9df77bd730bcf (patch) | |
tree | 327df94aa89cf18a9b4202f5e6d0e162f70b1f3c | |
parent | a0ae44f324576104760a63fe6cf63e0ca31756fc (diff) | |
download | otp-2a5951d47566fde2c82ac85088f9df77bd730bcf.tar.gz otp-2a5951d47566fde2c82ac85088f9df77bd730bcf.tar.bz2 otp-2a5951d47566fde2c82ac85088f9df77bd730bcf.zip |
ssl: Make sure that a correct cipher suite is selected
The keyexchange ECDHE-RSA requires an RSA-keyed server cert
(corresponding for ECDHE-ECDSA), the code did not assert this
resulting in that a incorrect cipher suite could be selected.
Alas test code was also wrong hiding the error.
-rw-r--r-- | lib/ssl/src/ssl_cipher.erl | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index 754fc46404..ebdc624ec7 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -2775,6 +2775,8 @@ ecdsa_signed_suites(Ciphers, Version) -> rsa_keyed(dhe_rsa) -> true; +rsa_keyed(ecdhe_rsa) -> + true; rsa_keyed(rsa) -> true; rsa_keyed(rsa_psk) -> @@ -2838,6 +2840,8 @@ ec_keyed(ecdh_ecdsa) -> true; ec_keyed(ecdh_rsa) -> true; +ec_keyed(ecdhe_ecdsa) -> + true; ec_keyed(_) -> false. |