aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2018-08-06 13:04:25 +0200
committerIngela Anderton Andin <[email protected]>2018-08-07 15:39:31 +0200
commit7c23f62c90b1cd01eff03215967a6eb75ab7218f (patch)
tree429fc577660b3948535b26d25d03b2c2feafc3f0
parentcfebc7ca5667807768755e0a0cdac641e8fbb54d (diff)
downloadotp-7c23f62c90b1cd01eff03215967a6eb75ab7218f.tar.gz
otp-7c23f62c90b1cd01eff03215967a6eb75ab7218f.tar.bz2
otp-7c23f62c90b1cd01eff03215967a6eb75ab7218f.zip
ssl: Make sure that a correct cipher suite is selected
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
-rw-r--r--lib/ssl/src/ssl_cipher.erl4
-rw-r--r--lib/ssl/test/ssl_test_lib.erl5
2 files changed, 4 insertions, 5 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 50dadd0903..1aeb415bd9 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -2777,6 +2777,8 @@ ecdsa_signed_suites(Ciphers, Version) ->
rsa_keyed(dhe_rsa) ->
true;
+rsa_keyed(ecdhe_rsa) ->
+ true;
rsa_keyed(rsa) ->
true;
rsa_keyed(rsa_psk) ->
@@ -2840,6 +2842,8 @@ ec_keyed(ecdh_ecdsa) ->
true;
ec_keyed(ecdh_rsa) ->
true;
+ec_keyed(ecdhe_ecdsa) ->
+ true;
ec_keyed(_) ->
false.
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 91a9c774a6..7202e3662c 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1524,11 +1524,6 @@ v_1_2_check(ecdh_ecdsa, ecdh_rsa) ->
true;
v_1_2_check(ecdh_rsa, ecdh_ecdsa) ->
true;
-v_1_2_check(ecdhe_ecdsa, ecdhe_rsa) ->
- true;
-v_1_2_check(ecdhe_rsa, ecdhe_ecdsa) ->
- true;
-
v_1_2_check(_, _) ->
false.