SSL: filter TLS cipher suites for supported algorithms

author: Andreas Schultz <[email protected]> 2013-02-19 18:06:26 +0100
committer: Ingela Anderton Andin <[email protected]> 2013-05-08 10:39:16 +0200
commit: 432d3c39ad28fb4033b9e9c2c6aa4474dbfad03c (patch)
tree: aa89dcf32103b310160b491217eeb4d0d58523e4 /lib/ssl/src/ssl.erl
parent: 709d0482af92ca52d26296f008b495a36161ca00 (diff)
download: otp-432d3c39ad28fb4033b9e9c2c6aa4474dbfad03c.tar.gz
otp-432d3c39ad28fb4033b9e9c2c6aa4474dbfad03c.tar.bz2
otp-432d3c39ad28fb4033b9e9c2c6aa4474dbfad03c.zip
1 files changed, 9 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 70f3b4f050..742889d8f8 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -364,11 +364,11 @@ cipher_suites() ->
   
 cipher_suites(erlang) ->
     Version = ssl_record:highest_protocol_version([]),
-    [suite_definition(S) || S <- ssl_cipher:suites(Version)];
+    [suite_definition(S) || S <- cipher_suites(Version, [])];
 
 cipher_suites(openssl) ->
     Version = ssl_record:highest_protocol_version([]),
-    [ssl_cipher:openssl_suite_name(S) || S <- ssl_cipher:suites(Version)];
+    [ssl_cipher:openssl_suite_name(S) || S <- cipher_suites(Version, [])];
 
 cipher_suites(all) ->
     Version = ssl_record:highest_protocol_version([]),
@@ -947,21 +947,22 @@ emulated_options([], Inet,Emulated) ->
     {Inet, Emulated}.
 
 cipher_suites(Version, []) ->
-    ssl_cipher:suites(Version);
+    ssl_cipher:filter_suites(ssl_cipher:suites(Version));
 cipher_suites(Version, [{_,_,_,_}| _] = Ciphers0) -> %% Backwards compatibility
     Ciphers = [{KeyExchange, Cipher, Hash} || {KeyExchange, Cipher, Hash, _} <- Ciphers0],
-    cipher_suites(Version, Ciphers);
+    ssl_cipher:filter_suites(cipher_suites(Version, Ciphers));
 cipher_suites(Version, [{_,_,_}| _] = Ciphers0) ->
     Ciphers = [ssl_cipher:suite(C) || C <- Ciphers0],
-    cipher_suites(Version, Ciphers);
+    ssl_cipher:filter_suites(cipher_suites(Version, Ciphers));
 cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) ->
-    Supported = ssl_cipher:suites(Version)
+    Supported0 = ssl_cipher:suites(Version)
 	++ ssl_cipher:anonymous_suites()
 	++ ssl_cipher:psk_suites(Version)
 	++ ssl_cipher:srp_suites(),
-    case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported)] of
+    Supported1 = ssl_cipher:filter_suites(Supported0),
+    case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported1)] of
 	[] ->
-	    Supported;
+	    Supported1;
 	Ciphers ->
 	    Ciphers
     end;
author	Andreas Schultz <[email protected]>	2013-02-19 18:06:26 +0100
committer	Ingela Anderton Andin <[email protected]>	2013-05-08 10:39:16 +0200
commit	432d3c39ad28fb4033b9e9c2c6aa4474dbfad03c (patch)
tree	aa89dcf32103b310160b491217eeb4d0d58523e4 /lib/ssl/src/ssl.erl
parent	709d0482af92ca52d26296f008b495a36161ca00 (diff)
download	otp-432d3c39ad28fb4033b9e9c2c6aa4474dbfad03c.tar.gz otp-432d3c39ad28fb4033b9e9c2c6aa4474dbfad03c.tar.bz2 otp-432d3c39ad28fb4033b9e9c2c6aa4474dbfad03c.zip