Merge branch 'ingela/ssl/ECC-selection-fix/OTP-13918' into maint-19

* ingela/ssl/ECC-selection-fix/OTP-13918:
  ssl: Correct ECC curve selection, the error could cause default to always be selected.

1 files changed, 2 insertions, 6 deletions

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 304d1706f5..08fca76123 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1430,13 +1430,14 @@ key_exchange(#state{role = server, private_key = Key, key_algorithm = Algo} = St
 key_exchange(#state{role = server, key_algorithm = Algo,
 		    hashsign_algorithm = HashSignAlgo,
 		    private_key = PrivateKey,
+		    session = #session{ecc = ECCCurve},
 		    connection_states = ConnectionStates0,
 		    negotiated_version = Version
 		   } = State0, Connection)
   when Algo == ecdhe_ecdsa; Algo == ecdhe_rsa;
        Algo == ecdh_anon ->
 
-    ECDHKeys = public_key:generate_key(select_curve(State0)),
+    ECDHKeys = public_key:generate_key(ECCCurve),
     #{security_parameters := SecParams} = 
 	ssl_record:pending_connection_state(ConnectionStates0, read),
     #security_parameters{client_random = ClientRandom,
@@ -1845,11 +1846,6 @@ cipher_role(server, Data, Session,  #state{connection_states = ConnectionStates0
     {Record, State} = prepare_connection(State1, Connection),
     Connection:next_event(connection, Record, State).
 
-select_curve(#state{client_ecc = {[Curve|_], _}}) ->
-    {namedCurve, Curve};
-select_curve(_) ->
-    {namedCurve, ?secp256r1}.
-
 is_anonymous(Algo) when Algo == dh_anon;
 			Algo == ecdh_anon;
 			Algo == psk;