ssl: anon test should use dh or ecdh anon keyexchange

3 files changed, 15 insertions, 7 deletions

diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 75db79aff2..162c63850f 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -2544,7 +2544,7 @@ anonymous_cipher_suites()->
     [{doc,"Test the anonymous ciphersuites"}].
 anonymous_cipher_suites(Config) when is_list(Config) ->
     NVersion = ssl_test_lib:protocol_version(Config, tuple),
-    Ciphers = ssl_test_lib:anonymous_suites(NVersion),
+    Ciphers = ssl_test_lib:ecdh_dh_anonymous_suites(NVersion),
     run_suites(Ciphers, Config, anonymous).
 %%-------------------------------------------------------------------
 psk_cipher_suites() ->
@@ -2640,7 +2640,7 @@ default_reject_anonymous(Config) when is_list(Config) ->
     Version = ssl_test_lib:protocol_version(Config),
     TLSVersion = ssl_test_lib:tls_version(Version),
     
-   [CipherSuite | _] = ssl_test_lib:anonymous_suites(TLSVersion),
+   [CipherSuite | _] = ssl_test_lib:ecdh_dh_anonymous_suites(TLSVersion),
     
     Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
 					      {from, self()},
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 8c27571d64..1e88ca15de 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1264,8 +1264,16 @@ string_regex_filter(Str, Search) when is_list(Str) ->
 string_regex_filter(_Str, _Search) ->
     false.
 
-anonymous_suites(Version) ->
-    ssl:filter_cipher_suites([ssl_cipher:suite_definition(S) || S <- ssl_cipher:anonymous_suites(Version)],[]).
+ecdh_dh_anonymous_suites(Version) ->
+    ssl:filter_cipher_suites([ssl_cipher:suite_definition(S) || S <- ssl_cipher:anonymous_suites(Version)],
+                             [{key_exchange, 
+                               fun(dh_anon) -> 
+                                       true;
+                                  (ecdh_anon) -> 
+                                       true;
+                                  (_) -> 
+                                       false 
+                               end}]).
 psk_suites(Version) ->
     ssl:filter_cipher_suites([ssl_cipher:suite_definition(S) || S <- ssl_cipher:psk_suites(Version)], []).
 
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 671599223c..4f02d8d15d 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -596,7 +596,7 @@ erlang_client_openssl_server_anon(Config) when is_list(Config) ->
     ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
     ClientOpts = ssl_test_lib:ssl_options(client_anon_opts, Config),
     VersionTuple = ssl_test_lib:protocol_version(Config, tuple),
-    Ciphers = ssl_test_lib:anonymous_suites(VersionTuple),
+    Ciphers = ssl_test_lib:ecdh_dh_anonymous_suites(VersionTuple),
 
     {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
 
@@ -639,7 +639,7 @@ erlang_server_openssl_client_anon(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ServerOpts = ssl_test_lib:ssl_options(server_anon_opts, Config),
     VersionTuple = ssl_test_lib:protocol_version(Config, tuple),
-    Ciphers = ssl_test_lib:anonymous_suites(VersionTuple),
+    Ciphers = ssl_test_lib:ecdh_dh_anonymous_suites(VersionTuple),
 
     {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
@@ -673,7 +673,7 @@ erlang_server_openssl_client_anon_with_cert(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
     VersionTuple = ssl_test_lib:protocol_version(Config, tuple),
-    Ciphers = ssl_test_lib:anonymous_suites(VersionTuple),
+    Ciphers = ssl_test_lib:ecdh_dh_anonymous_suites(VersionTuple),
 
     {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),