diff options
| author | Ingela Anderton Andin <[email protected]> | 2014-01-28 11:07:32 +0100 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2014-01-28 11:07:32 +0100 |
| commit | 9b0637d83248699eca1673d9b11a542cb2e63720 (patch) | |
| tree | b72fa3cb493a163178f1a3e113c8c6089b4d86e2 /lib/ssl/src/ssl_handshake.erl | |
| parent | bb5b33bd3a7c8cbb97695c00f4b9b0d89121f861 (diff) | |
| parent | cb16d84c66b6040ca668b2e23ad4e740a3f3d0af (diff) | |
| download | otp-9b0637d83248699eca1673d9b11a542cb2e63720.tar.gz otp-9b0637d83248699eca1673d9b11a542cb2e63720.tar.bz2 otp-9b0637d83248699eca1673d9b11a542cb2e63720.zip | |
Merge branch 'ia/Vagabond/adt-honor-cipher-order/OTP-11621'
* ia/Vagabond/adt-honor-cipher-order/OTP-11621:
Implement 'honor_cipher_order' SSL server-side option
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 2b9bae6e80..487dfc01d9 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -1029,14 +1029,15 @@ cipher_suites(Suites, true) -> select_session(SuggestedSessionId, CipherSuites, Compressions, Port, #session{ecc = ECCCurve} = Session, Version, - #ssl_options{ciphers = UserSuites} = SslOpts, Cache, CacheCb, Cert) -> + #ssl_options{ciphers = UserSuites, honor_cipher_order = HCO} = SslOpts, + Cache, CacheCb, Cert) -> {SessionId, Resumed} = ssl_session:server_id(Port, SuggestedSessionId, SslOpts, Cert, Cache, CacheCb), case Resumed of undefined -> Suites = available_suites(Cert, UserSuites, Version, ECCCurve), - CipherSuite = select_cipher_suite(CipherSuites, Suites), + CipherSuite = select_cipher_suite(CipherSuites, Suites, HCO), Compression = select_compression(Compressions), {new, Session#session{session_id = SessionId, cipher_suite = CipherSuite, @@ -1796,6 +1797,11 @@ handle_srp_extension(#srp{username = Username}, Session) -> %%-------------Misc -------------------------------- +select_cipher_suite(CipherSuites, Suites, false) -> + select_cipher_suite(CipherSuites, Suites); +select_cipher_suite(CipherSuites, Suites, true) -> + select_cipher_suite(Suites, CipherSuites). + select_cipher_suite([], _) -> no_suite; select_cipher_suite([Suite | ClientSuites], SupportedSuites) -> |