aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2016-04-15 22:25:45 +0200
committerIngela Anderton Andin <[email protected]>2016-04-22 09:43:22 +0200
commit0bb95b2ac735ecf01a02de07da22d4a7a9577f36 (patch)
tree22caceec5aa7e0a34015caabe0fd02a65f362918 /lib/ssl/test
parentafe72bfc1448ff426c38eceb7412f69e973aef62 (diff)
downloadotp-0bb95b2ac735ecf01a02de07da22d4a7a9577f36.tar.gz
otp-0bb95b2ac735ecf01a02de07da22d4a7a9577f36.tar.bz2
otp-0bb95b2ac735ecf01a02de07da22d4a7a9577f36.zip
ssl: Corrections to cipher suite handling
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl28
-rw-r--r--lib/ssl/test/ssl_test_lib.erl16
2 files changed, 35 insertions, 9 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 1a864edb8b..486223a651 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -168,6 +168,7 @@ renegotiate_tests() ->
cipher_tests() ->
[cipher_suites,
+ cipher_suites_mix,
ciphers_rsa_signed_certs,
ciphers_rsa_signed_certs_openssl_names,
ciphers_dsa_signed_certs,
@@ -445,7 +446,7 @@ connection_info(Config) when is_list(Config) ->
{from, self()},
{mfa, {?MODULE, connection_info_result, []}},
{options,
- [{ciphers,[{rsa,des_cbc,sha,no_export}]} |
+ [{ciphers,[{rsa,des_cbc,sha}]} |
ClientOpts]}]),
ct:log("Testcase ~p, Client ~p Server ~p ~n",
@@ -911,6 +912,31 @@ cipher_suites(Config) when is_list(Config) ->
[_|_] =ssl:cipher_suites(openssl).
%%--------------------------------------------------------------------
+cipher_suites_mix() ->
+ [{doc,"Test to have old and new cipher suites at the same time"}].
+
+cipher_suites_mix(Config) when is_list(Config) ->
+ CipherSuites = [{ecdh_rsa,aes_128_cbc,sha256,sha256}, {rsa,aes_128_cbc,sha}],
+ ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ?config(server_opts, Config),
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, [{ciphers, CipherSuites} | ClientOpts]}]),
+
+ ssl_test_lib:check_result(Server, ok, Client, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+%%--------------------------------------------------------------------
socket_options() ->
[{doc,"Test API function getopts/2 and setopts/2"}].
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 90fcd193cc..ed4bd86665 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -905,8 +905,8 @@ anonymous_suites() ->
{dh_anon, '3des_ede_cbc', sha},
{dh_anon, aes_128_cbc, sha},
{dh_anon, aes_256_cbc, sha},
- {dh_anon, aes_128_gcm, null},
- {dh_anon, aes_256_gcm, null},
+ {dh_anon, aes_128_gcm, null, sha256},
+ {dh_anon, aes_256_gcm, null, sha384},
{ecdh_anon,rc4_128,sha},
{ecdh_anon,'3des_ede_cbc',sha},
{ecdh_anon,aes_128_cbc,sha},
@@ -933,12 +933,12 @@ psk_suites() ->
{rsa_psk, aes_256_cbc, sha},
{rsa_psk, aes_128_cbc, sha256},
{rsa_psk, aes_256_cbc, sha384},
- {psk, aes_128_gcm, null},
- {psk, aes_256_gcm, null},
- {dhe_psk, aes_128_gcm, null},
- {dhe_psk, aes_256_gcm, null},
- {rsa_psk, aes_128_gcm, null},
- {rsa_psk, aes_256_gcm, null}],
+ {psk, aes_128_gcm, null, sha256},
+ {psk, aes_256_gcm, null, sha384},
+ {dhe_psk, aes_128_gcm, null, sha256},
+ {dhe_psk, aes_256_gcm, null, sha384},
+ {rsa_psk, aes_128_gcm, null, sha256},
+ {rsa_psk, aes_256_gcm, null, sha384}],
ssl_cipher:filter_suites(Suites).
psk_anon_suites() ->