[erlang-bugs] Incomplete Elliptic Curve Cipher Suites in R16B01 and R16B02

Klaus Trainer <>
Tue Oct 1 18:09:41 CEST 2013


Hey!

The incomplete implementation of elliptic curves in R16B01 and R16B02 is
an annoying issue for people who try to use Erlang/OTP's SSL/TLS
implementation.  The issue is not easy to debug, and finding relevant
information on the web is not easy as well.  For reference, here's a
list of the few resources that I'm aware of:

* http://erlang.org/pipermail/erlang-questions/2013-June/074349.html
* http://erlang.org/pipermail/erlang-bugs/2013-June/003636.html
* https://github.com/extend/ranch/commit/c0c09a1311

As noted in the latter resource, which is a respective workaround in
Ranch, most popular browsers (e.g. Firefox, Chromium, and Safari) are
affected by this issue.

In order to see which cipher suites are affected, I wrote an echo server
(using Ranch and its SSL transport) and a shell script that uses
`openssl s_client` in order to test several cipher suites against the
echo server.  It can be found at
https://github.com/KlausTrainer/erl_ssl_test and you can compile and run
it by executing `make check`.  Running it under Debian GNU/Linux 7.1
(x86_64) with R16B02 and OpenSSL 1.0.1e generates the following output:

works:     ECDHE-RSA-AES256-SHA384
works not: ECDHE-ECDSA-AES256-SHA384
works:     ECDHE-RSA-AES256-SHA
works not: ECDHE-ECDSA-AES256-SHA
works:     DHE-RSA-AES256-SHA256
works not: DHE-DSS-AES256-SHA256
works:     DHE-RSA-AES256-SHA
works not: DHE-DSS-AES256-SHA
works not: ECDH-RSA-AES256-SHA384
works not: ECDH-ECDSA-AES256-SHA384
works not: ECDH-RSA-AES256-SHA
works not: ECDH-ECDSA-AES256-SHA
works:     AES256-SHA256
works:     AES256-SHA
works:     ECDHE-RSA-DES-CBC3-SHA
works not: ECDHE-ECDSA-DES-CBC3-SHA
works not: ECDH-RSA-DES-CBC3-SHA
works not: ECDH-ECDSA-DES-CBC3-SHA
works:     DES-CBC3-SHA
works:     ECDHE-RSA-AES128-SHA256
works not: ECDHE-ECDSA-AES128-SHA256
works:     ECDHE-RSA-AES128-SHA
works not: ECDHE-ECDSA-AES128-SHA
works:     DHE-RSA-AES128-SHA256
works not: DHE-DSS-AES128-SHA256
works:     DHE-RSA-AES128-SHA
works not: DHE-DSS-AES128-SHA
works not: ECDH-RSA-AES128-SHA256
works not: ECDH-ECDSA-AES128-SHA256
works not: ECDH-RSA-AES128-SHA
works not: ECDH-ECDSA-AES128-SHA
works:     AES128-SHA256
works:     AES128-SHA
works:     ECDHE-RSA-RC4-SHA
works not: ECDHE-ECDSA-RC4-SHA
works not: ECDH-RSA-RC4-SHA
works not: ECDH-ECDSA-RC4-SHA
works:     RC4-SHA
works:     RC4-MD5
works:     DES-CBC-SHA

I hope this helps.

Regards,
Klaus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20131001/6acf6e59/attachment.bin>


More information about the erlang-bugs mailing list