diff options
author | Ingela Anderton Andin <[email protected]> | 2018-08-06 13:04:25 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-08-09 16:09:02 +0200 |
commit | 803bc2a1df253ff43255a9407672030fe2b4afd5 (patch) | |
tree | 65479e5a3bcafac87eff009c17530655d76a3aa7 | |
parent | ca9f2fe073b587e70b5502c87be3eca6f72ddd57 (diff) | |
download | otp-803bc2a1df253ff43255a9407672030fe2b4afd5.tar.gz otp-803bc2a1df253ff43255a9407672030fe2b4afd5.tar.bz2 otp-803bc2a1df253ff43255a9407672030fe2b4afd5.zip |
ssl: Make sure that a correct cipher suite is selected
The keyexchange ECDHE-RSA requires an RSA-keyed server cert
(corresponding for ECDHE-ECDSA), the code did not assert this
resulting in that a incorrect cipher suite could be selected.
Alas test code was also wrong hiding the error.
-rw-r--r-- | lib/ssl/src/ssl_cipher.erl | 4 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 5 |
2 files changed, 4 insertions, 5 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index 50dadd0903..1aeb415bd9 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -2777,6 +2777,8 @@ ecdsa_signed_suites(Ciphers, Version) -> rsa_keyed(dhe_rsa) -> true; +rsa_keyed(ecdhe_rsa) -> + true; rsa_keyed(rsa) -> true; rsa_keyed(rsa_psk) -> @@ -2840,6 +2842,8 @@ ec_keyed(ecdh_ecdsa) -> true; ec_keyed(ecdh_rsa) -> true; +ec_keyed(ecdhe_ecdsa) -> + true; ec_keyed(_) -> false. diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index 91a9c774a6..7202e3662c 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -1524,11 +1524,6 @@ v_1_2_check(ecdh_ecdsa, ecdh_rsa) -> true; v_1_2_check(ecdh_rsa, ecdh_ecdsa) -> true; -v_1_2_check(ecdhe_ecdsa, ecdhe_rsa) -> - true; -v_1_2_check(ecdhe_rsa, ecdhe_ecdsa) -> - true; - v_1_2_check(_, _) -> false. |