[erlang-bugs] ssl socket session upgrade fails

Ingela Anderton Andin <>
Wed Nov 21 14:42:24 CET 2012


Delorum wrote:
> So i think that reusing sessions might be broke if the client and the server do not have the same version of openssl installed on their machine.
> here is a bit of code that can trigger the error:
> ssl:start(),
> {ok,Listen} = ssl:listen(443,[{reuseaddr,true},{certfile,"/mnt/ssl/mysite.com.crt"},{keyfile,"mysite.com.key"}]), 
> {ok,NewSocket} = ssl:transport_accept(Listen),
> ssl:ssl_accept(NewSocket),
> {ok,NewSock2} = ssl:transport_accept(Listen),
> ssl:ssl_accept(NewSock2). 
> and here is what can be run in another shell to case the error:
> openssl s_client -ssl3 -connect -reconnect
> the interesting thing that I have noticed is that when running the openssl s_client command from the same machine that the erlang server is runing DOES NOT cause the issue. But when running the same command from any other machine, and I tested it with 12 machines here in the office it fails. 
> to be more specific, if the version of openssl on the CLIENT machine is 0.9.8r, and the server version is in the 1.0.1 series. 

I do not think that the openssl version on the server host is relevant. 
Erlang SSL application uses openssl for crypto operations only. Can you 
connect with the s_client to s_servers that you start on the server host?

> clients should not have to upgrade their version of openssl in order to visit websites hosted by an erlang application. 


> and here is the crash, i removed all the binary data and the private key data because this is not a test cert:
> =ERROR REPORT==== 16-Nov-2012::16:54:57 ===
> ** State machine <0.49.0> terminating 
> ** Last message in was {tcp,#Port<0.1263>,
>                            << removed >>}

This looks really strange << removed >>  is not a valid TLS message!


Regards Ingela Erlang/OTP team - Ericsson AB

More information about the erlang-bugs mailing list