aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
authorAndreas Schultz <[email protected]>2014-05-17 16:17:05 +0200
committerAndreas Schultz <[email protected]>2014-05-28 12:20:00 +0200
commit9163e290194b8c82ec291d45a9dff79654c754f6 (patch)
tree695b494837320c6ca43ef66c602a882c2fa8631b /lib/ssl/test
parent6b6cd01b607a1bfcf61bb6d5f4cc3fe9b37445db (diff)
downloadotp-9163e290194b8c82ec291d45a9dff79654c754f6.tar.gz
otp-9163e290194b8c82ec291d45a9dff79654c754f6.tar.bz2
otp-9163e290194b8c82ec291d45a9dff79654c754f6.zip
SSL: in tests, filter ssl client ciphers for version compatibility
Some psk and some not yet supported anonymous suites are only supported with TLS version >= 1.2. This adds them to the tests and makes sure that they are not tested on TLS versions that do not support them.
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl2
-rw-r--r--lib/ssl/test/ssl_test_lib.erl19
2 files changed, 19 insertions, 2 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index a1b766e05f..0905bb0c25 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -3694,7 +3694,7 @@ run_suites(Ciphers, Version, Config, Type) ->
Result = lists:map(fun(Cipher) ->
cipher(Cipher, Version, Config, ClientOpts, ServerOpts) end,
- Ciphers),
+ ssl_test_lib:filter_suites(Ciphers)),
case lists:flatten(Result) of
[] ->
ok;
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 69b222fc43..47427998fe 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -875,14 +875,21 @@ psk_suites() ->
{psk, '3des_ede_cbc', sha},
{psk, aes_128_cbc, sha},
{psk, aes_256_cbc, sha},
+ {psk, aes_128_cbc, sha256},
+ {psk, aes_256_cbc, sha384},
{dhe_psk, rc4_128, sha},
{dhe_psk, '3des_ede_cbc', sha},
{dhe_psk, aes_128_cbc, sha},
{dhe_psk, aes_256_cbc, sha},
+ {dhe_psk, aes_128_cbc, sha256},
+ {dhe_psk, aes_256_cbc, sha384},
{rsa_psk, rc4_128, sha},
{rsa_psk, '3des_ede_cbc', sha},
{rsa_psk, aes_128_cbc, sha},
- {rsa_psk, aes_256_cbc, sha}],
+ {rsa_psk, aes_256_cbc, sha},
+ {rsa_psk, aes_128_cbc, sha256},
+ {rsa_psk, aes_256_cbc, sha384}
+],
ssl_cipher:filter_suites(Suites).
psk_anon_suites() ->
@@ -1118,3 +1125,13 @@ version_flag('tlsv1.2') ->
" -tls1_2 ";
version_flag(sslv3) ->
" -ssl3 ".
+
+filter_suites(Ciphers0) ->
+ Version = tls_record:highest_protocol_version([]),
+ Supported0 = ssl_cipher:suites(Version)
+ ++ ssl_cipher:anonymous_suites()
+ ++ ssl_cipher:psk_suites(Version)
+ ++ ssl_cipher:srp_suites(),
+ Supported1 = ssl_cipher:filter_suites(Supported0),
+ Supported2 = [ssl:suite_definition(S) || S <- Supported1],
+ [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported2)].