ssl: Fix cipher suite handling

Implementations of TLS 1.3 which choose to support prior versions of
TLS SHOULD support TLS 1.2. That is, a TLS 1.3 ClientHello shall
advertise support for TLS 1.2 ciphers in order to be able to connect
to TLS 1.2 servers.

This commit changes the list of the advertised cipher suites to
include old TLS 1.2 ciphers.

Change-Id: Iaece3ac4b66a59dfbe97068b682d6010d74522b8

1 files changed, 8 insertions, 6 deletions

diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index e6be574916..7d28962d2d 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -32,7 +32,7 @@
 -export([master_secret/4, finished/5, certificate_verify/3, mac_hash/7, hmac_hash/3,
 	 setup_keys/8, suites/1, prf/5,
 	 ecc_curves/1, ecc_curves/2, oid_to_enum/1, enum_to_oid/1, 
-	 default_signature_algs/1, signature_algs/2, v1_3_filters/0,
+	 default_signature_algs/1, signature_algs/2,
          default_signature_schemes/1, signature_schemes/2]).
 
 -type named_curve() :: sect571r1 | sect571k1 | secp521r1 | brainpoolP512r1 |
@@ -249,11 +249,13 @@ suites(3) ->
     ] ++ suites(2);
 
 suites(4) ->
-    ssl:filter_cipher_suites(suites(3), v1_3_filters()).
-
-v1_3_filters() ->
-    [{mac, fun(aead) -> true; (_) -> false end}, 
-     {key_exchange, fun(dhe_dss) -> false;(rsa) -> false; (rsa_psk) -> false;(_) -> true end}].
+    [?TLS_AES_256_GCM_SHA384,
+     ?TLS_AES_128_GCM_SHA256,
+     ?TLS_CHACHA20_POLY1305_SHA256
+     %% Not supported
+     %% ?TLS_AES_128_CCM_SHA256,
+     %% ?TLS_AES_128_CCM_8_SHA256
+    ] ++ suites(3).
 
 signature_algs({3, 4}, HashSigns) ->
     signature_algs({3, 3}, HashSigns);