From f90d75a081f6d5a9a3cfe6f8d387abd7a1489aca Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 3 Sep 2018 12:07:17 +0200
Subject: ssl: Initial cipher suites adoption for TLS-1.3

This commit filters out cipher suites not to be used in TLS-1.3
We still need to add new cipher suites for TLS-1.3 and possible
add new information to the suite data structure.
---
 lib/ssl/src/tls_v1.erl | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'lib/ssl/src/tls_v1.erl')

diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 9bd82e4953..79d50684f1 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -32,7 +32,7 @@
 -export([master_secret/4, finished/5, certificate_verify/3, mac_hash/7, hmac_hash/3,
 	 setup_keys/8, suites/1, prf/5,
 	 ecc_curves/1, ecc_curves/2, oid_to_enum/1, enum_to_oid/1, 
-	 default_signature_algs/1, signature_algs/2]).
+	 default_signature_algs/1, signature_algs/2, v1_3_filters/0]).
 
 -type named_curve() :: sect571r1 | sect571k1 | secp521r1 | brainpoolP512r1 |
                        sect409k1 | sect409r1 | brainpoolP384r1 | secp384r1 |
@@ -247,10 +247,12 @@ suites(3) ->
      %% ?TLS_DH_DSS_WITH_AES_128_GCM_SHA256
     ] ++ suites(2);
 
-
 suites(4) ->
-    suites(3).
+    ssl:filter_cipher_suites(suites(3), v1_3_filters()).
 
+v1_3_filters() ->
+    [{mac, fun(aead) -> true; (_) -> false end}, 
+     {key_exchange, fun(dhe_dss) -> false;(rsa) -> false; (rsa_psk) -> false;(_) -> true end}].
 
 signature_algs({3, 4}, HashSigns) ->
     signature_algs({3, 3}, HashSigns);
-- 
cgit v1.2.3