From 3feda337499c6f88a02ba0cf654e56c46fcf7ba4 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Tue, 28 May 2024 12:58:47 +0200
Subject: [PATCH] ssl: Fix TLS-1.3 minimum support check
---
 lib/ssl/src/tls_record.erl | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl
index 01f85624bfd2..e9be489a0e92 100644
--- a/lib/ssl/src/tls_record.erl
+++ b/lib/ssl/src/tls_record.erl
@@ -430,20 +430,16 @@ sufficient_crypto_support(CryptoSupport, 'tlsv1.3') ->
 Fun = fun({Group, Algorithm}) ->
 is_algorithm_supported(CryptoSupport, Group, Algorithm)
 end,
- L = [{ciphers, aes_gcm}, %% TLS_AES_*_GCM_*
- {ciphers, chacha20_poly1305}, %% TLS_CHACHA20_POLY1305_SHA256
+ %% Minimum requirement check
+ L = [{ciphers, aes_gcm}, %% TLS_AES_*_GCM_*
 {hashs, sha256}, %% TLS_AES_128_GCM_SHA256
- {hashs, sha384}, %% TLS_AES_256_GCM_SHA384
 {rsa_opts, rsa_pkcs1_padding}, %% rsa_pkcs1_sha256
- {rsa_opts, rsa_pkcs1_pss_padding}, %% rsa_pss_rsae_*
- {rsa_opts, rsa_pss_saltlen}, %% rsa_pss_rsae_*
+ {rsa_opts, rsa_pkcs1_pss_padding}, %% rsa_pss_*
 {public_keys, ecdh},
- {public_keys, dh},
 {public_keys, rsa},
 {public_keys, ecdsa},
- %% {public_keys, eddsa}, %% TODO
- {curves, secp256r1}, %% key exchange with secp256r1
- {curves, x25519}], %% key exchange with X25519
+ {curves, secp256r1} %% key exchange with secp256r1
+ ],
 lists:all(Fun, L);
 sufficient_crypto_support(CryptoSupport, Version) ->
 sufficient_crypto_support(CryptoSupport, protocol_version(Version)).
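Review bot: Dropping `{rsa_opts, rsa_pss_saltlen}` from `L` while keeping `{rsa_opts, rsa_pkcs1_pss_padding}` means TLS 1.3 can now be reported as supported on a crypto build that offers PSS padding but no explicit salt length. If the signing path still sets a salt-length option (not visible in this hunk), that would surface as a handshake failure rather than as the version being withheld up front. The same holds for the removed `sha384`, `chacha20_poly1305`, `dh` and `x25519` entries: this check no longer guarantees them, so the offered cipher suites and groups have to be filtered against `CryptoSupport` elsewhere, which the patch does not show. The remaining list matches the mandatory-to-implement set in RFC 8446 section 9.1, and the new comment would help the next reader if it said so, e.g. `%% Minimum requirement check: mandatory-to-implement algorithms, RFC 8446 section 9.1`. The `'tlsv1.3'` clause head appears only in the hunk header, so any earlier clauses of the function are outside this view.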