diff options
| author | Ingela Anderton Andin <[email protected]> | 2018-03-06 12:14:42 +0100 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2018-03-06 12:14:42 +0100 |
| commit | a100b9c1008e258edc364d60cfb2a17ed0637384 (patch) | |
| tree | 7a3e8dd9e7f9f6383bf956a2ff4f6d266d212bee /lib/ssl/src | |
| parent | e9f2bf18928c4b9e844dc5408fd4230210271a02 (diff) | |
| parent | 99656a1e3ebf5ca4bb2ad63a66a0308d51243c53 (diff) | |
| download | otp-a100b9c1008e258edc364d60cfb2a17ed0637384.tar.gz otp-a100b9c1008e258edc364d60cfb2a17ed0637384.tar.bz2 otp-a100b9c1008e258edc364d60cfb2a17ed0637384.zip | |
Merge branch 'ingela/maint/voltone/ssl_anonymous_with_openssl/PR-1729/OTP-14952' into maint
* ingela/maint/voltone/ssl_anonymous_with_openssl/PR-1729/OTP-14952:
ssl: Fix anonymous suites regression and protocol error
Diffstat (limited to 'lib/ssl/src')
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 5e687b1bb7..7efb89bfae 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -755,9 +755,8 @@ decode_suites('3_bytes', Dec) -> %%==================================================================== available_suites(UserSuites, Version) -> - lists:filtermap(fun(Suite) -> - lists:member(Suite, ssl_cipher:all_suites(Version)) - end, UserSuites). + VersionSuites = ssl_cipher:all_suites(Version) ++ ssl_cipher:anonymous_suites(Version), + lists:filtermap(fun(Suite) -> lists:member(Suite, VersionSuites) end, UserSuites). available_suites(ServerCert, UserSuites, Version, undefined, Curve) -> ssl_cipher:filter(ServerCert, available_suites(UserSuites, Version)) @@ -1025,7 +1024,9 @@ select_curve(undefined, _, _) -> %% %% Description: Handles signature_algorithms hello extension (server) %%-------------------------------------------------------------------- -select_hashsign(_, undefined, _, _, _Version) -> +select_hashsign(_, _, KeyExAlgo, _, _Version) when KeyExAlgo == dh_anon; + KeyExAlgo == ecdh_anon; + KeyExAlgo == srp_anon -> {null, anon}; %% The signature_algorithms extension was introduced with TLS 1.2. Ignore it if we have %% negotiated a lower version. |