aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2013-04-19 22:07:55 +0200
committerIngela Anderton Andin <[email protected]>2013-05-08 10:39:19 +0200
commitf5902d53588784d95674e07055fc2ef0d6fd0ed0 (patch)
treed8a8db81daea3f7f4d115c763e8b647056ed5c80 /lib/ssl
parent826ff38deec221e306b2f4a9ee529fae1dbbedf7 (diff)
downloadotp-f5902d53588784d95674e07055fc2ef0d6fd0ed0.tar.gz
otp-f5902d53588784d95674e07055fc2ef0d6fd0ed0.tar.bz2
otp-f5902d53588784d95674e07055fc2ef0d6fd0ed0.zip
ssl: Filter out ECC cipher suites when openssl is buggy
Even in "normal" (not explicitly ECC tests) cases we need to filter out ECC ciper suites as they are preferd.
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/test/ssl_test_lib.erl12
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl3
2 files changed, 14 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 3b63886a07..6069a9da95 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -982,3 +982,15 @@ is_sane_ecc(openssl) ->
end;
is_sane_ecc(_) ->
true.
+
+cipher_restriction(Config) ->
+ case is_sane_ecc(openssl) of
+ false ->
+ Opts = proplists:get_value(server_opts, Config),
+ NewConfig = proplists:delete(server_opts, Config),
+ Restricted0 = ssl:cipher_suites() -- ecdsa_suites(),
+ Restricted = Restricted0 -- ecdh_rsa_suites(),
+ [{server_opts, [{ciphers, Restricted} | Opts]} | NewConfig];
+ true ->
+ Config
+ end.
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index fc88a8f23c..075b4b1ec4 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -107,7 +107,8 @@ init_per_suite(Config0) ->
ct:log("Make certs ~p~n", [Result]),
Config1 = ssl_test_lib:make_dsa_cert(Config0),
Config = ssl_test_lib:cert_options(Config1),
- [{watchdog, Dog} | Config]
+ NewConfig = [{watchdog, Dog} | Config],
+ ssl_test_lib:cipher_restriction(NewConfig)
catch _:_ ->
{skip, "Crypto did not start"}
end