1 files changed, 20 insertions, 11 deletions

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 189bbd7edd..be1041ca13 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -346,17 +346,22 @@ negotiated_next_protocol(#sslsocket{pid = Pid}) ->
 %%--------------------------------------------------------------------
 cipher_suites() ->
     cipher_suites(erlang).
-  
+
 cipher_suites(erlang) ->
     Version = tls_record:highest_protocol_version([]),
-    [suite_definition(S) || S <- ssl_cipher:suites(Version)];
-
+    ssl_cipher:filter_suites([suite_definition(S)
+                              || S <- ssl_cipher:suites(Version)]);
 cipher_suites(openssl) ->
     Version = tls_record:highest_protocol_version([]),
-    [ssl_cipher:openssl_suite_name(S) || S <- ssl_cipher:suites(Version)];
+    [ssl_cipher:openssl_suite_name(S)
+     || S <- ssl_cipher:filter_suites(ssl_cipher:suites(Version))];
 cipher_suites(all) ->
     Version = tls_record:highest_protocol_version([]),
-    [suite_definition(S) || S <- ssl_cipher:all_suites(Version)].
+    Supported = ssl_cipher:all_suites(Version)
+	++ ssl_cipher:anonymous_suites(Version)
+	++ ssl_cipher:psk_suites(Version)
+	++ ssl_cipher:srp_suites(),
+    ssl_cipher:filter_suites([suite_definition(S) || S <- Supported]).
 
 %%--------------------------------------------------------------------
 -spec getopts(#sslsocket{}, [gen_tcp:option_name()]) ->
@@ -929,8 +934,11 @@ handle_cipher_option(Value, Version)  when is_list(Value) ->
 	error:_->
 	    throw({error, {options, {ciphers, Value}}})
     end.
-binary_cipher_suites(Version, []) -> % Defaults to all supported suites
-    ssl_cipher:suites(Version);
+
+binary_cipher_suites(Version, []) -> 
+    %% Defaults to all supported suites that does
+    %% not require explicit configuration
+    ssl_cipher:filter_suites(ssl_cipher:suites(Version));
 binary_cipher_suites(Version, [{_,_,_,_}| _] = Ciphers0) -> %% Backwards compatibility
     Ciphers = [{KeyExchange, Cipher, Hash} || {KeyExchange, Cipher, Hash, _} <- Ciphers0],
     binary_cipher_suites(Version, Ciphers);
@@ -939,14 +947,15 @@ binary_cipher_suites(Version, [{_,_,_}| _] = Ciphers0) ->
     binary_cipher_suites(Version, Ciphers);
 
 binary_cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) ->
-    Supported0 = ssl_cipher:suites(Version)
+    All = ssl_cipher:suites(Version)
 	++ ssl_cipher:anonymous_suites()
 	++ ssl_cipher:psk_suites(Version)
 	++ ssl_cipher:srp_suites(),
-    Supported = ssl_cipher:filter_suites(Supported0),
-    case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported)] of
+    case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, All)] of
 	[] ->
-	    Supported;  %% Defaults to all supported suits
+	    %% Defaults to all supported suites that does
+	    %% not require explicit configuration
+	    ssl_cipher:filter_suites(ssl_cipher:suites(Version));
 	Ciphers ->
 	    Ciphers
     end;