ssl: Align (with DTLS) and correct TLS_FALLBACK_SCSV handling

3 files changed, 12 insertions, 11 deletions

diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl
index 5e8f5c2ca0..6071eece13 100644
--- a/lib/ssl/src/dtls_handshake.erl
+++ b/lib/ssl/src/dtls_handshake.erl
@@ -67,7 +67,8 @@ client_hello(Host, Port, ConnectionStates, SslOpts,
 %%--------------------------------------------------------------------
 client_hello(Host, Port, Cookie, ConnectionStates,
 	     #ssl_options{versions = Versions,
-			  ciphers = UserSuites
+			  ciphers = UserSuites,
+                          fallback = Fallback
 			 } = SslOpts,
 	     Cache, CacheCb, Renegotiation, OwnCert) ->
     Version =  dtls_record:highest_protocol_version(Versions),
@@ -83,7 +84,9 @@ client_hello(Host, Port, Cookie, ConnectionStates,
 
     #client_hello{session_id = Id,
 		  client_version = Version,
-		  cipher_suites = ssl_handshake:cipher_suites(CipherSuites, Renegotiation),
+		  cipher_suites = 
+                      ssl_handshake:cipher_suites(CipherSuites, 
+                                                  Renegotiation, Fallback),
 		  compression_methods = ssl_record:compressions(),
 		  random = SecParams#security_parameters.client_random,
 		  cookie = Cookie,
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 0974448276..fd437f62d2 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -67,7 +67,7 @@
 
 %% Cipher suites handling
 -export([available_suites/2, available_signature_algs/2,  available_signature_algs/4, 
-         cipher_suites/2, prf/6, select_session/11, supported_ecc/1,
+         cipher_suites/3, prf/6, select_session/11, supported_ecc/1,
          premaster_secret/2, premaster_secret/3, premaster_secret/4]).
 
 %% Extensions handling
@@ -782,6 +782,11 @@ available_signature_algs(#hash_sign_algos{hash_sign_algos = ClientHashSigns}, Su
 available_signature_algs(_, _, _, _) -> 
     undefined.
 
+cipher_suites(Suites, Renegotiation, true) ->
+    %% TLS_FALLBACK_SCSV should be placed last -RFC7507
+    cipher_suites(Suites, Renegotiation) ++ [?TLS_FALLBACK_SCSV];
+cipher_suites(Suites, Renegotiation, false) ->
+    cipher_suites(Suites, Renegotiation).
 cipher_suites(Suites, false) ->
     [?TLS_EMPTY_RENEGOTIATION_INFO_SCSV | Suites];
 cipher_suites(Suites, true) ->
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index d59e817ffb..8817418fb0 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -67,14 +67,7 @@ client_hello(Host, Port, ConnectionStates,
 						       AvailableCipherSuites,
 						       SslOpts, ConnectionStates, 
                                                        Renegotiation),
-    CipherSuites = 
-	case Fallback of
-	    true ->
-	        [?TLS_FALLBACK_SCSV | 
-                 ssl_handshake:cipher_suites(AvailableCipherSuites, Renegotiation)];
-	    false ->
-		ssl_handshake:cipher_suites(AvailableCipherSuites, Renegotiation)
-	end,
+    CipherSuites = ssl_handshake:cipher_suites(AvailableCipherSuites, Renegotiation, Fallback),
     Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert),    
     #client_hello{session_id = Id,
 		  client_version = Version,