From 028941b5b54adeaf947ba60cd44de8ef1886e0eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Wed, 11 Jul 2018 11:30:40 +0200
Subject: ssl: Sort supported versions in handle_options

Sort supported versions (highest first) in handle options to
reflect the order expected by TLS 1.3.

Change-Id: I06bb43ac81eeaca681c122d815a024c8444e3726
---
 lib/ssl/src/ssl.erl | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'lib/ssl/src/ssl.erl')

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index e5a6f6bb47..09953908ce 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -887,9 +887,10 @@ handle_options(Opts0, #ssl_options{protocol = Protocol, cacerts = CaCerts0,
 	[] ->
 	    new_ssl_options(SslOpts1, NewVerifyOpts, RecordCB);
 	Value ->
-	    Versions = [RecordCB:protocol_version(Vsn) || Vsn <- Value],
+            Versions0 = [RecordCB:protocol_version(Vsn) || Vsn <- Value],
+            Versions1 = lists:sort(fun RecordCB:is_higher/2, Versions0),
 	    new_ssl_options(proplists:delete(versions, SslOpts1), 
-			    NewVerifyOpts#ssl_options{versions = Versions}, record_cb(Protocol))
+			    NewVerifyOpts#ssl_options{versions = Versions1}, record_cb(Protocol))
     end;
 
 %% Handle all options in listen and connect
@@ -912,7 +913,8 @@ handle_options(Opts0, Role, Host) ->
 		   [] ->
 		       RecordCb:supported_protocol_versions();
 		   Vsns  ->
-		       [RecordCb:protocol_version(Vsn) || Vsn <- Vsns]
+                       Versions0 = [RecordCb:protocol_version(Vsn) || Vsn <- Vsns],
+                       lists:sort(fun RecordCb:is_higher/2, Versions0)
 	       end,
 
     Protocol = handle_option(protocol, Opts, tls),
-- 
cgit v1.2.3