2 files changed, 51 insertions, 1 deletions

diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index ddc511c652..2e216b32fa 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -86,6 +86,7 @@ basic_tests() ->
     [app,
      alerts,
      send_close,
+     version_option,
      connect_twice,
      connect_dist,
      clear_pem_cache
@@ -1072,6 +1073,13 @@ send_close(Config) when is_list(Config) ->
     {error, _} = ssl:send(SslS, "Hello world").
 
 %%--------------------------------------------------------------------
+version_option() ->
+    [{doc, "Use version option and do no specify ciphers list. Bug specified incorrect ciphers"}].
+version_option(Config) when is_list(Config) -> 
+    Versions = proplists:get_value(supported, ssl:versions()),
+    [version_option_test(Config, Version) || Version <- Versions].
+   
+%%--------------------------------------------------------------------
 close_transport_accept() ->
     [{doc,"Tests closing ssl socket when waiting on ssl:transport_accept/1"}].
 
@@ -3488,3 +3496,28 @@ shutdown_both_result(Socket, client) ->
 
 peername_result(S) ->
     ssl:peername(S).
+
+version_option_test(Config, Version) ->
+    ClientOpts = ?config(client_opts, Config),
+    ServerOpts = ?config(server_opts, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = 
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+				   {from, self()}, 
+				   {mfa, {ssl_test_lib, send_recv_result, []}},
+				   {options,  [{active, false}, {versions, [Version]}| ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+    Client = 
+	ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+				   {host, Hostname},
+				   {from, self()}, 
+				   {mfa, {ssl_test_lib, send_recv_result, []}},
+				   {options, [{active, false}, {versions, [Version]}| ClientOpts]}]),
+    
+    ct:log("Testcase ~p, Client ~p  Server ~p ~n",
+	   [self(), Client, Server]),
+    
+    ssl_test_lib:check_result(Server, ok, Client, ok),
+    
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 68784a175e..a7361755e5 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -248,7 +248,7 @@ basic_erlang_server_openssl_client(Config) when is_list(Config) ->
     Port = ssl_test_lib:inet_port(Server),
 
     Cmd = "openssl s_client -port " ++ integer_to_list(Port) ++
-	" -host localhost",
+	" -host localhost" ++ workaround_openssl_s_clinent(),
 
     ct:log("openssl cmd: ~p~n", [Cmd]),
     
@@ -1383,3 +1383,20 @@ supports_sslv2(Port) ->
 	    true
     end.
 
+workaround_openssl_s_clinent() ->
+    %% http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683159
+    %% https://bugs.archlinux.org/task/33919
+    %% Bug seems to manifests it self if TLS version is not
+    %% explicitly specified 
+    case os:cmd("openssl version") of 
+	"OpenSSL 1.0.1c" ++ _ ->
+	    " -no_tls1_2 ";
+	"OpenSSL 1.0.1d" ++ _ ->
+	    " -no_tls1_2 ";
+	"OpenSSL 1.0.1e" ++ _ ->
+	    " -no_tls1_2 ";
+	"OpenSSL 1.0.1f" ++ _ ->
+	    " -no_tls1_2 ";
+	_  ->
+	    ""
+    end.