author | Andreas Schultz <[email protected]> | 2014-05-28 16:36:38 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2014-06-03 10:34:10 +0200 |
commit | ae68f7e6ffcae1f6f44427795698611b89e0bfe7 (patch) | |
tree | 16f11271e9e92a3a7b0cb3786044f1dc8efe57de /lib/ssl/src/ssl.erl | |
parent | 3bfc1269e543941bd59567da6c3007319b5ada25 (diff) | |
SSL: always filter the full list of supported ciphers against the supported algorithms
With the addition of more ciphers that are not supported in all
configurations, using a manually prefiltered cipher list (e.g. EC vs.
non-EC ciphers) becomes too complex. Replace the manual split with
ssl_cipher:filter_suites/1 in all places.
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/src/tls_v1.erl
Diffstat (limited to 'lib/ssl/src/ssl.erl')
-rw-r--r-- | lib/ssl/src/ssl.erl | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index bbe1de5c7b..be1041ca13 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -346,17 +346,22 @@ negotiated_next_protocol(#sslsocket{pid = Pid}) -> %%-------------------------------------------------------------------- cipher_suites() -> cipher_suites(erlang). - + cipher_suites(erlang) -> Version = tls_record:highest_protocol_version([]), - [suite_definition(S) || S <- ssl_cipher:suites(Version)]; - + ssl_cipher:filter_suites([suite_definition(S) + || S <- ssl_cipher:suites(Version)]); cipher_suites(openssl) -> Version = tls_record:highest_protocol_version([]), - [ssl_cipher:openssl_suite_name(S) || S <- ssl_cipher:suites(Version)]; + [ssl_cipher:openssl_suite_name(S) + || S <- ssl_cipher:filter_suites(ssl_cipher:suites(Version))]; cipher_suites(all) -> Version = tls_record:highest_protocol_version([]), - [suite_definition(S) || S <- ssl_cipher:all_suites(Version)]. + Supported = ssl_cipher:all_suites(Version) + ++ ssl_cipher:anonymous_suites(Version) + ++ ssl_cipher:psk_suites(Version) + ++ ssl_cipher:srp_suites(), + ssl_cipher:filter_suites([suite_definition(S) || S <- Supported]). %%-------------------------------------------------------------------- -spec getopts(#sslsocket{}, [gen_tcp:option_name()]) -> @@ -929,6 +934,7 @@ handle_cipher_option(Value, Version) when is_list(Value) -> error:_-> throw({error, {options, {ciphers, Value}}}) end. + binary_cipher_suites(Version, []) -> %% Defaults to all supported suites that does %% not require explicit configuration |
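Review bot: In the `cipher_suites(all)` clause the result now appends `ssl_cipher:anonymous_suites(Version)`, `ssl_cipher:psk_suites(Version)` and `ssl_cipher:srp_suites()` to `all_suites(Version)`, and nothing in the hunk tells a caller that the list contains suites without certificate-based peer authentication. A caller that passes `ssl:cipher_suites(all)` unchanged as the `ciphers` option would enable anonymous key exchange, so I would add a comment above the clause such as `%% 'all' also lists anonymous, PSK and SRP suites; they need explicit configuration and must not be used as a default ciphers list`. If `ssl_cipher:all_suites/1`, which is not visible here, already returns some of these suites, the `++` chain will also produce duplicates, so that should be confirmed. The `erlang` and `all` clauses filter suite-definition tuples while the `openssl` clause filters the raw suites before mapping them, so `filter_suites/1` has to accept both forms, which is worth stating in its spec.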