[erlang-bugs] R16A ssl (tls1.2) handshake failure on renegotiate with client cert request

[Rick Reed]

Our R16A testing uncovered a possible problem with client connections with
client certificate.

Our app hits an entrypoint under https://sn1.mpns.live.net which is
apparently running IIS/7.5.  The initial handshake succeeds and our request
is sent, but this triggers a renegotiate with client certificate request.
 The second handshake succeeds on R15B01, but the server immediately closes
the connection at some point during the second handshake on R16A.

I narrowed the problem down to the commit which changed the default to TLS
v1.2.  Adding {versions, [tlsv1, sslv3]} to the ssl options allows the
request to succeed on R16A.

I suppose this could be a bug on the IIS side.  I can't tell.

Rr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20130228/c4a6dee1/attachment.htm>