From f5902d53588784d95674e07055fc2ef0d6fd0ed0 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 19 Apr 2013 22:07:55 +0200
Subject: ssl: Filter out ECC cipher suites when openssl is buggy

Even in "normal" (not explicitly ECC tests) cases we need to filter out
ECC ciper suites as they are preferd.
---
 lib/ssl/test/ssl_test_lib.erl | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'lib/ssl/test/ssl_test_lib.erl')

diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 3b63886a07..6069a9da95 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -982,3 +982,15 @@ is_sane_ecc(openssl) ->
     end;
 is_sane_ecc(_) ->
     true.
+
+cipher_restriction(Config) ->
+    case is_sane_ecc(openssl) of
+	false ->
+	    Opts = proplists:get_value(server_opts, Config),
+	    NewConfig = proplists:delete(server_opts, Config),
+	    Restricted0 = ssl:cipher_suites() -- ecdsa_suites(),
+            Restricted  = Restricted0 -- ecdh_rsa_suites(),
+	    [{server_opts, [{ciphers, Restricted} | Opts]} | NewConfig];
+	true ->
+	    Config
+    end.
-- 
cgit v1.2.3