From 7f0e683bc483b70f05fa806539bd5c540943dfd0 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 16 Apr 2014 15:11:11 +0200
Subject: ssl: Select supported cipher suites for the negotiated
 SSL/TLS-version

When selecting the available cipher suites for the server all cipher suites
for the highest supported SSL/TLS-version would be selected, and not
all supported for the negotiated SSL/TLS-version. This could lead
to that faulty clients could negotiate cipher suites that they
can not support. This change will enable the faulty client to negotiate
another cipher suite that it can support.
---
 lib/ssl/src/ssl.erl              |  8 ++------
 lib/ssl/src/ssl_cipher.erl       |  8 +++++++-
 lib/ssl/src/ssl_handshake.erl    |  9 +++------
 lib/ssl/test/ssl_basic_SUITE.erl | 35 ++++++++++++++++++++++++++++++++++-
 4 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 743753bf7d..866312f332 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -357,11 +357,7 @@ cipher_suites(openssl) ->
     [ssl_cipher:openssl_suite_name(S) || S <- ssl_cipher:suites(Version)];
 cipher_suites(all) ->
     Version = tls_record:highest_protocol_version([]),
-    Supported = ssl_cipher:suites(Version)
-	++ ssl_cipher:anonymous_suites()
-	++ ssl_cipher:psk_suites(Version)
-	++ ssl_cipher:srp_suites(),
-    [suite_definition(S) || S <- Supported].
+    [suite_definition(S) || S <- ssl_cipher:all_suites(Version)].
 
 %%--------------------------------------------------------------------
 -spec getopts(#sslsocket{}, [gen_tcp:option_name()]) ->
@@ -953,7 +949,7 @@ handle_cipher_option(Value, Version)  when is_list(Value) ->
 	error:_->
 	    throw({error, {options, {ciphers, Value}}})
     end.
-binary_cipher_suites(Version, []) -> %% Defaults to all supported suits
+binary_cipher_suites(Version, []) -> % Defaults to all supported suites
     ssl_cipher:suites(Version);
 binary_cipher_suites(Version, [{_,_,_,_}| _] = Ciphers0) -> %% Backwards compatibility
     Ciphers = [{KeyExchange, Cipher, Hash} || {KeyExchange, Cipher, Hash, _} <- Ciphers0],
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 78a328ace8..a3ec419c2a 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -34,7 +34,8 @@
 
 -export([security_parameters/2, security_parameters/3, suite_definition/1,
 	 decipher/5, cipher/5,
-	 suite/1, suites/1, ec_keyed_suites/0, anonymous_suites/0, psk_suites/1, srp_suites/0,
+	 suite/1, suites/1, all_suites/1, 
+	 ec_keyed_suites/0, anonymous_suites/0, psk_suites/1, srp_suites/0,
 	 openssl_suite/1, openssl_suite_name/1, filter/2, filter_suites/1,
 	 hash_algorithm/1, sign_algorithm/1, is_acceptable_hash/2]).
 
@@ -224,6 +225,11 @@ suites({3, 0}) ->
 suites({3, N}) ->
     tls_v1:suites(N).
 
+all_suites(Version) ->
+    suites(Version)
+	++ ssl_cipher:anonymous_suites()
+	++ ssl_cipher:psk_suites(Version)
+	++ ssl_cipher:srp_suites().
 %%--------------------------------------------------------------------
 -spec anonymous_suites() -> [cipher_suite()].
 %%
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 1108edcf48..10dd830baf 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1017,12 +1017,9 @@ decode_suites('3_bytes', Dec) ->
 %%-------------Cipeher suite handling --------------------------------
 
 available_suites(UserSuites, Version) ->
-    case UserSuites of
-	[] ->
-	    ssl_cipher:suites(Version);
-	_ ->
-	    UserSuites
-    end.
+    lists:filtermap(fun(Suite) ->
+			    lists:member(Suite, ssl_cipher:all_suites(Version))
+		    end, UserSuites).
 
 available_suites(ServerCert, UserSuites, Version, Curve) ->
     ssl_cipher:filter(ServerCert, available_suites(UserSuites, Version))
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 8e3d2e4b80..a8fbb144c4 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -115,7 +115,8 @@ options_tests() ->
      reuseaddr,
      tcp_reuseaddr,
      honor_server_cipher_order,
-     honor_client_cipher_order
+     honor_client_cipher_order,
+     ciphersuite_vs_version
 ].
 
 api_tests() ->
@@ -2558,6 +2559,38 @@ honor_cipher_order(Config, Honor, ServerCiphers, ClientCiphers, Expected) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
+%%--------------------------------------------------------------------
+ciphersuite_vs_version(Config) when is_list(Config) ->
+    
+    {_ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    ServerOpts = ?config(server_opts, Config),
+    
+    Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
+					      {from, self()},
+					      {options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+    
+    {ok, Socket} = gen_tcp:connect(Hostname, Port, [binary, {active, false}]),
+    ok = gen_tcp:send(Socket, 
+		      <<22, 3,0, 49:16, % handshake, SSL 3.0, length
+			1, 45:24, % client_hello, length
+			3,0, % SSL 3.0
+			16#deadbeef:256, % 32 'random' bytes = 256 bits
+			0, % no session ID
+			%% three cipher suites -- null, one with sha256 hash and one with sha hash
+			6:16, 0,255, 0,61, 0,57, 
+			1, 0 % no compression
+		      >>),
+    {ok, <<22, RecMajor:8, RecMinor:8, _RecLen:16, 2, HelloLen:24>>} = gen_tcp:recv(Socket, 9, 10000),
+    {ok, <<HelloBin:HelloLen/binary>>} = gen_tcp:recv(Socket, HelloLen, 5000),
+    ServerHello = tls_handshake:decode_handshake({RecMajor, RecMinor}, 2, HelloBin),
+    case ServerHello of
+	#server_hello{server_version = {3,0}, cipher_suite = <<0,57>>} -> 
+	    ok;
+	_ ->
+	    ct:fail({unexpected_server_hello, ServerHello})
+    end.
+										
 %%--------------------------------------------------------------------
 
 hibernate() ->
-- 
cgit v1.2.3