aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2018-01-05 22:35:43 +0100
committerIngela Anderton Andin <[email protected]>2018-01-07 14:29:05 +0100
commit39fb981193c137ba6e3621bae49c07eb0b4d92cf (patch)
tree604a377019105ac47fc7f49ec77e71034e06a174 /lib
parent07044c29b6f3a553bcbeaf9437f05c3ac19f1775 (diff)
downloadotp-39fb981193c137ba6e3621bae49c07eb0b4d92cf.tar.gz
otp-39fb981193c137ba6e3621bae49c07eb0b4d92cf.tar.bz2
otp-39fb981193c137ba6e3621bae49c07eb0b4d92cf.zip
dtls: Filter out rc4 for DTLS psk suites
Stream ciphers are not valid fro DTLS
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/src/ssl_cipher.erl2
-rw-r--r--lib/ssl/test/ssl_test_lib.erl29
2 files changed, 21 insertions, 10 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 18271f325a..7efc39e659 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -2148,7 +2148,7 @@ calc_mac_hash(Type, Version,
MacSecret, SeqNo, Type,
Length, PlainFragment).
-is_stream_ciphersuite({_, rc4_128, _, _}) ->
+is_stream_ciphersuite(#{cipher := rc4_128}) ->
true;
is_stream_ciphersuite(_) ->
false.
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 29af57605c..f9cc6ab8b7 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1024,15 +1024,26 @@ string_regex_filter(Str, Search) when is_list(Str) ->
string_regex_filter(_Str, _Search) ->
false.
-anonymous_suites(Version) ->
- [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:anonymous_suites(Version))].
-
-psk_suites(Version) ->
- [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:psk_suites(Version))].
-
-psk_anon_suites(Version) ->
- [Suite || Suite <- psk_suites(Version), is_psk_anon_suite(Suite)].
-
+anonymous_suites({3,_ } = Version) ->
+ [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:anonymous_suites(Version))];
+anonymous_suites(DTLSVersion) ->
+ Version = dtls_v1:corresponding_tls_version(DTLSVersion),
+ [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:anonymous_suites(Version)),
+ not ssl_cipher:is_stream_ciphersuite(tuple_to_map(ssl_cipher:erl_suite_definition(S)))].
+
+psk_suites({3,_ } = Version) ->
+ [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:psk_suites(Version))];
+psk_suites(DTLSVersion) ->
+ Version = dtls_v1:corresponding_tls_version(DTLSVersion),
+ [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:psk_suites(Version)),
+ not ssl_cipher:is_stream_ciphersuite(tuple_to_map(ssl_cipher:erl_suite_definition(S)))].
+
+psk_anon_suites({3,_ } = Version) ->
+ [Suite || Suite <- psk_suites(Version), is_psk_anon_suite(Suite)];
+psk_anon_suites(DTLSVersion) ->
+ Version = dtls_v1:corresponding_tls_version(DTLSVersion),
+ [Suite || Suite <- psk_suites(Version), is_psk_anon_suite(Suite),
+ not ssl_cipher:is_stream_ciphersuite(tuple_to_map(Suite))].
srp_suites() ->
[ssl_cipher:erl_suite_definition(Suite) ||
Suite <-