ssl: Filter default ciphers for supported Crypto algorihms

1 files changed, 9 insertions, 6 deletions

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 189bbd7edd..bbe1de5c7b 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -929,8 +929,10 @@ handle_cipher_option(Value, Version)  when is_list(Value) ->
 	error:_->
 	    throw({error, {options, {ciphers, Value}}})
     end.
-binary_cipher_suites(Version, []) -> % Defaults to all supported suites
-    ssl_cipher:suites(Version);
+binary_cipher_suites(Version, []) -> 
+    %% Defaults to all supported suites that does
+    %% not require explicit configuration
+    ssl_cipher:filter_suites(ssl_cipher:suites(Version));
 binary_cipher_suites(Version, [{_,_,_,_}| _] = Ciphers0) -> %% Backwards compatibility
     Ciphers = [{KeyExchange, Cipher, Hash} || {KeyExchange, Cipher, Hash, _} <- Ciphers0],
     binary_cipher_suites(Version, Ciphers);
@@ -939,14 +941,15 @@ binary_cipher_suites(Version, [{_,_,_}| _] = Ciphers0) ->
     binary_cipher_suites(Version, Ciphers);
 
 binary_cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) ->
-    Supported0 = ssl_cipher:suites(Version)
+    All = ssl_cipher:suites(Version)
 	++ ssl_cipher:anonymous_suites()
 	++ ssl_cipher:psk_suites(Version)
 	++ ssl_cipher:srp_suites(),
-    Supported = ssl_cipher:filter_suites(Supported0),
-    case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported)] of
+    case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, All)] of
 	[] ->
-	    Supported;  %% Defaults to all supported suits
+	    %% Defaults to all supported suites that does
+	    %% not require explicit configuration
+	    ssl_cipher:filter_suites(ssl_cipher:suites(Version));
 	Ciphers ->
 	    Ciphers
     end;