Diffstat (limited to 'lib/ssl/src/dtls_v1.erl')
-rw-r--r-- | lib/ssl/src/dtls_v1.erl | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/lib/ssl/src/dtls_v1.erl b/lib/ssl/src/dtls_v1.erl
index ffd3e4b833..4aaf8baa6c 100644
--- a/lib/ssl/src/dtls_v1.erl
+++ b/lib/ssl/src/dtls_v1.erl
@@ -21,12 +21,24 @@
 -include("ssl_cipher.hrl").
--export([suites/1, mac_hash/7, ecc_curves/1, corresponding_tls_version/1, corresponding_dtls_version/1]).
+-export([suites/1, all_suites/1, mac_hash/7, ecc_curves/1,
+ corresponding_tls_version/1, corresponding_dtls_version/1,
+ cookie_secret/0, cookie_timeout/0]).
+
+-define(COOKIE_BASE_TIMEOUT, 30000).
 -spec suites(Minor:: 253|255) -> [ssl_cipher:cipher_suite()].
 suites(Minor) ->
- tls_v1:suites(corresponding_minor_tls_version(Minor)).
+ lists:filter(fun(Cipher) ->
+ is_acceptable_cipher(ssl_cipher:suite_definition(Cipher))
+ end,
+ tls_v1:suites(corresponding_minor_tls_version(Minor))).
+all_suites(Version) ->
+ lists:filter(fun(Cipher) ->
+ is_acceptable_cipher(ssl_cipher:suite_definition(Cipher))
+ end,
+ ssl_cipher:all_suites(corresponding_tls_version(Version))).
 mac_hash(Version, MacAlg, MacSecret, SeqNo, Type, Length, Fragment) ->
 tls_v1:mac_hash(MacAlg, MacSecret, SeqNo, Type, Version,
@@ -38,6 +50,13 @@ ecc_curves({_Major, Minor}) ->
 corresponding_tls_version({254, Minor}) ->
 {3, corresponding_minor_tls_version(Minor)}.
+cookie_secret() ->
+ crypto:strong_rand_bytes(32).
+
+cookie_timeout() ->
+ %% Cookie will live for two timeouts periods
+ round(rand:uniform() * ?COOKIE_BASE_TIMEOUT/2).
+
 corresponding_minor_tls_version(255) ->
 2;
 corresponding_minor_tls_version(253) ->
@@ -50,3 +69,5 @@ corresponding_minor_dtls_version(2) ->
 255;
 corresponding_minor_dtls_version(3) ->
 253.
+is_acceptable_cipher(Suite) ->
+ not ssl_cipher:is_stream_ciphersuite(Suite).
|
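Review bot: The filter fun added to `suites/1` is repeated verbatim in the new `all_suites/1`, and `all_suites/1` is exported with no `-spec` and no blank line separating it from `suites/1`. A shared helper would keep the two lists from drifting apart if the acceptance rule ever changes: `filter_suites(Suites) -> [S || S <- Suites, is_acceptable_cipher(ssl_cipher:suite_definition(S))].`, called from both functions. `suites/1` takes the minor version while `all_suites/1` takes the full version tuple, so a spec on `all_suites/1` would make that difference visible to callers and to Dialyzer.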
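Review bot: `cookie_timeout/0` has no lower bound: `rand:uniform/0` returns a float in [0.0, 1.0), so `round(rand:uniform() * ?COOKIE_BASE_TIMEOUT/2)` yields anything from 0 to 15000 and never reaches the 30000 that the macro name calls the base. If the caller uses this value as the cookie-secret rotation interval (the call site is outside this hunk), a draw near zero would retire a secret almost immediately and force legitimate clients to repeat the cookie exchange. Something like `?COOKIE_BASE_TIMEOUT + rand:uniform(?COOKIE_BASE_TIMEOUT div 2)` would keep the jitter while guaranteeing a minimum lifetime. The comment should also state the unit and read "two timeout periods", and both new exports would benefit from a `-spec`, e.g. `-spec cookie_secret() -> binary().`.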
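Review bot: `is_acceptable_cipher/1` carries no comment saying why stream suites are rejected, and its name suggests a broader policy than the single check it performs. A one-line comment above it would record the reason, for example `%% DTLS records may be lost or reordered, so stream ciphers (RC4) cannot be used; see RFC 6347, section 4.1.2.2.`. The function is also appended directly after `253.` with no blank line, unlike the other definitions in the file.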