SSL: in tests, filter ssl client ciphers for version compatibility

Some psk and some not yet supported anonymous suites are only supported
with TLS version >= 1.2. This adds them to the tests and makes sure
that they are not tested on TLS versions that do not support them.

1 files changed, 18 insertions, 1 deletions

diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 69b222fc43..47427998fe 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -875,14 +875,21 @@ psk_suites() ->
 	 {psk, '3des_ede_cbc', sha},
 	 {psk, aes_128_cbc, sha},
 	 {psk, aes_256_cbc, sha},
+	 {psk, aes_128_cbc, sha256},
+	 {psk, aes_256_cbc, sha384},
 	 {dhe_psk, rc4_128, sha},
 	 {dhe_psk, '3des_ede_cbc', sha},
 	 {dhe_psk, aes_128_cbc, sha},
 	 {dhe_psk, aes_256_cbc, sha},
+	 {dhe_psk, aes_128_cbc, sha256},
+	 {dhe_psk, aes_256_cbc, sha384},
 	 {rsa_psk, rc4_128, sha},
 	 {rsa_psk, '3des_ede_cbc', sha},
 	 {rsa_psk, aes_128_cbc, sha},
-	 {rsa_psk, aes_256_cbc, sha}],
+	 {rsa_psk, aes_256_cbc, sha},
+	 {rsa_psk, aes_128_cbc, sha256},
+	 {rsa_psk, aes_256_cbc, sha384}
+],
     ssl_cipher:filter_suites(Suites).
 
 psk_anon_suites() ->
@@ -1118,3 +1125,13 @@ version_flag('tlsv1.2') ->
     " -tls1_2 ";
 version_flag(sslv3) ->
     " -ssl3 ".
+
+filter_suites(Ciphers0) ->
+    Version = tls_record:highest_protocol_version([]),
+    Supported0 = ssl_cipher:suites(Version)
+	++ ssl_cipher:anonymous_suites()
+	++ ssl_cipher:psk_suites(Version)
+	++ ssl_cipher:srp_suites(),
+    Supported1 = ssl_cipher:filter_suites(Supported0),
+    Supported2 = [ssl:suite_definition(S) || S <- Supported1],
+    [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported2)].