From 3bfc1269e543941bd59567da6c3007319b5ada25 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 28 May 2014 11:30:18 +0200
Subject: ssl: Filter default ciphers for supported Crypto algorihms

---
 lib/ssl/src/ssl.erl        | 15 +++++++++------
 lib/ssl/src/ssl_cipher.erl |  5 +++--
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 189bbd7edd..bbe1de5c7b 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -929,8 +929,10 @@ handle_cipher_option(Value, Version)  when is_list(Value) ->
 	error:_->
 	    throw({error, {options, {ciphers, Value}}})
     end.
-binary_cipher_suites(Version, []) -> % Defaults to all supported suites
-    ssl_cipher:suites(Version);
+binary_cipher_suites(Version, []) -> 
+    %% Defaults to all supported suites that does
+    %% not require explicit configuration
+    ssl_cipher:filter_suites(ssl_cipher:suites(Version));
 binary_cipher_suites(Version, [{_,_,_,_}| _] = Ciphers0) -> %% Backwards compatibility
     Ciphers = [{KeyExchange, Cipher, Hash} || {KeyExchange, Cipher, Hash, _} <- Ciphers0],
     binary_cipher_suites(Version, Ciphers);
@@ -939,14 +941,15 @@ binary_cipher_suites(Version, [{_,_,_}| _] = Ciphers0) ->
     binary_cipher_suites(Version, Ciphers);
 
 binary_cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) ->
-    Supported0 = ssl_cipher:suites(Version)
+    All = ssl_cipher:suites(Version)
 	++ ssl_cipher:anonymous_suites()
 	++ ssl_cipher:psk_suites(Version)
 	++ ssl_cipher:srp_suites(),
-    Supported = ssl_cipher:filter_suites(Supported0),
-    case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported)] of
+    case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, All)] of
 	[] ->
-	    Supported;  %% Defaults to all supported suits
+	    %% Defaults to all supported suites that does
+	    %% not require explicit configuration
+	    ssl_cipher:filter_suites(ssl_cipher:suites(Version));
 	Ciphers ->
 	    Ciphers
     end;
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index a3ec419c2a..72467ea2a0 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1019,7 +1019,8 @@ openssl_suite_name(Cipher) ->
 %%--------------------------------------------------------------------
 -spec filter(undefined | binary(), [cipher_suite()]) -> [cipher_suite()].
 %%
-%% Description: .
+%% Description: Select the cipher suites that can be used together with the 
+%% supplied certificate. (Server side functionality)  
 %%-------------------------------------------------------------------
 filter(undefined, Ciphers) -> 
     Ciphers;
@@ -1053,7 +1054,7 @@ filter(DerCert, Ciphers) ->
 %%--------------------------------------------------------------------
 -spec filter_suites([cipher_suite()]) -> [cipher_suite()].
 %%
-%% Description: filter suites for algorithms
+%% Description: Filter suites for algorithms supported by crypto.
 %%-------------------------------------------------------------------
 filter_suites(Suites = [{_,_,_}|_]) ->
     Algos = crypto:supports(),
-- 
cgit v1.2.3