2 files changed, 15 insertions, 5 deletions

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 1d645e5782..a83ce42455 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -96,7 +96,7 @@ security_parameters(Version, CipherSuite, SecParams) ->
       expanded_key_material_length = expanded_key_material(Cipher),
       key_material_length = key_material(Cipher),
       iv_size = iv_size(Cipher),
-      mac_algorithm = hash_algorithm(Hash),
+      mac_algorithm = mac_algorithm(Hash),
       prf_algorithm = prf_algorithm(PrfHashAlg, Version),
       hash_size = hash_size(Hash)}.
 
@@ -2531,6 +2531,11 @@ prf_algorithm(default_prf, {3, _}) ->
 prf_algorithm(Algo, _) ->
     hash_algorithm(Algo).
 
+mac_algorithm(aead) ->
+    aead;
+mac_algorithm(Algo) ->
+    hash_algorithm(Algo).
+
 hash_algorithm(null)   -> ?NULL;
 hash_algorithm(md5)    -> ?MD5;
 hash_algorithm(sha)   -> ?SHA; %% Only sha always refers to "SHA-1"
@@ -2561,6 +2566,10 @@ sign_algorithm(Other) when is_integer(Other) andalso ((Other >= 224) and (Other
 
 hash_size(null) ->
     0;
+%% The AEAD MAC hash size is not used in the context 
+%% of calculating the master secret. See RFC 5246 Section 6.2.3.3.
+hash_size(aead) ->
+    0;
 hash_size(md5) ->
     16;
 hash_size(sha) ->
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 0c55af9174..09160e2f9c 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -774,9 +774,8 @@ decode_suites('3_bytes', Dec) ->
 %%====================================================================
 
 available_suites(UserSuites, Version) ->
-    lists:filtermap(fun(Suite) ->
-			    lists:member(Suite, ssl_cipher:all_suites(Version))
-		    end, UserSuites).
+    VersionSuites = ssl_cipher:all_suites(Version) ++ ssl_cipher:anonymous_suites(Version),
+    lists:filtermap(fun(Suite) -> lists:member(Suite, VersionSuites) end, UserSuites).
 
 available_suites(ServerCert, UserSuites, Version, undefined, Curve) ->
     ssl_cipher:filter(ServerCert, available_suites(UserSuites, Version))
@@ -1056,7 +1055,9 @@ select_curve(undefined, _, _) ->
 %%
 %% Description: Handles signature_algorithms hello extension (server)
 %%--------------------------------------------------------------------
-select_hashsign(_, undefined, _,  _, _Version) ->
+select_hashsign(_, _, KeyExAlgo, _, _Version) when KeyExAlgo == dh_anon;
+                                                   KeyExAlgo == ecdh_anon;
+                                                   KeyExAlgo == srp_anon ->
     {null, anon};
 %% The signature_algorithms extension was introduced with TLS 1.2. Ignore it if we have
 %% negotiated a lower version.