aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2018-08-06 13:04:25 +0200
committerIngela Anderton Andin <[email protected]>2018-08-09 16:05:45 +0200
commit4e848c9c656ab7da22a6ded0d322e4dbd84cc5a3 (patch)
tree327df94aa89cf18a9b4202f5e6d0e162f70b1f3c
parenta0ae44f324576104760a63fe6cf63e0ca31756fc (diff)
downloadotp-4e848c9c656ab7da22a6ded0d322e4dbd84cc5a3.tar.gz
otp-4e848c9c656ab7da22a6ded0d322e4dbd84cc5a3.tar.bz2
otp-4e848c9c656ab7da22a6ded0d322e4dbd84cc5a3.zip
ssl: Make sure that a correct cipher suite is selected
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
-rw-r--r--lib/ssl/src/ssl_cipher.erl4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 754fc46404..ebdc624ec7 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -2775,6 +2775,8 @@ ecdsa_signed_suites(Ciphers, Version) ->
rsa_keyed(dhe_rsa) ->
true;
+rsa_keyed(ecdhe_rsa) ->
+ true;
rsa_keyed(rsa) ->
true;
rsa_keyed(rsa_psk) ->
@@ -2838,6 +2840,8 @@ ec_keyed(ecdh_ecdsa) ->
true;
ec_keyed(ecdh_rsa) ->
true;
+ec_keyed(ecdhe_ecdsa) ->
+ true;
ec_keyed(_) ->
false.