[erlang-bugs] Incomplete Elliptic Curve Cipher Suites in R16B01 and R16B02

Ingela Anderton Andin <>
Wed Oct 2 15:49:22 CEST 2013


Hi!

I think your test is a little too naive! I just run your test against an 
openssl server ( OpenSSL 1.0.1 14 Mar 2012)
and here is the result:

works not: ECDHE-RSA-AES256-SHA384
works not: ECDHE-ECDSA-AES256-SHA384
works:     ECDHE-RSA-AES256-SHA
works not: ECDHE-ECDSA-AES256-SHA
works not: DHE-RSA-AES256-SHA256
works not: DHE-DSS-AES256-SHA256
works:     DHE-RSA-AES256-SHA
works not: DHE-DSS-AES256-SHA
works not: ECDH-RSA-AES256-SHA384
works not: ECDH-ECDSA-AES256-SHA384
works not: ECDH-RSA-AES256-SHA
works not: ECDH-ECDSA-AES256-SHA
works not: AES256-SHA256
works:     AES256-SHA
works:     ECDHE-RSA-DES-CBC3-SHA
works not: ECDHE-ECDSA-DES-CBC3-SHA
works not: ECDH-RSA-DES-CBC3-SHA
works not: ECDH-ECDSA-DES-CBC3-SHA
works:     DES-CBC3-SHA
works not: ECDHE-RSA-AES128-SHA256
works not: ECDHE-ECDSA-AES128-SHA256
works:     ECDHE-RSA-AES128-SHA
works not: ECDHE-ECDSA-AES128-SHA
works not: DHE-RSA-AES128-SHA256
works not: DHE-DSS-AES128-SHA256
works:     DHE-RSA-AES128-SHA
works not: DHE-DSS-AES128-SHA
works not: ECDH-RSA-AES128-SHA256
works not: ECDH-ECDSA-AES128-SHA256
works not: ECDH-RSA-AES128-SHA
works not: ECDH-ECDSA-AES128-SHA
works not: AES128-SHA256
works:     AES128-SHA
works:     ECDHE-RSA-RC4-SHA
works not: ECDHE-ECDSA-RC4-SHA
works not: ECDH-RSA-RC4-SHA
works not: ECDH-ECDSA-RC4-SHA
works:     RC4-SHA
works:     RC4-MD5
works:     DES-CBC-SHA

If you look closer you willl see that the error is:
"140232248637088:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no 
shared cipher:s3_srvr.c:1353:"

After just a quick check of

your test of erlang:

works not: ECDH-RSA-AES256-SHA384

Our test suite: ssl_ECC_SUITE:client_ec_server_ec/1  <cid:>

sucessfully negotiaties ECDH-RSA-AES256-SHA384 with openssl in R16B02

So I think some of your conclusions where a bit premature.

The problems you mentioned in R16B01 are probably fixed in R16B02

"Now handles signature_algorithm field in digitally_signed
properly with proper defaults.  Prior to this change
some elliptic curve cipher suites could fail  reporting the error "bad 
certificate"."

Also there is at the moment a documented limitation:
"Elliptic Curve cipher suites are supported if crypto supports it and 
named curves are used."

But your welcome to submit a new bug report if you should find a correct 
setup that fails.

Regards Ingela Erlang/OTP team Ericsson AB


On 10/01/2013 06:09 PM, Klaus Trainer wrote:
> Hey!
>
> The incomplete implementation of elliptic curves in R16B01 and R16B02 is
> an annoying issue for people who try to use Erlang/OTP's SSL/TLS
> implementation.  The issue is not easy to debug, and finding relevant
> information on the web is not easy as well.  For reference, here's a
> list of the few resources that I'm aware of:
>
> * http://erlang.org/pipermail/erlang-questions/2013-June/074349.html
> * http://erlang.org/pipermail/erlang-bugs/2013-June/003636.html
> * https://github.com/extend/ranch/commit/c0c09a1311
>
> As noted in the latter resource, which is a respective workaround in
> Ranch, most popular browsers (e.g. Firefox, Chromium, and Safari) are
> affected by this issue.
>
> In order to see which cipher suites are affected, I wrote an echo server
> (using Ranch and its SSL transport) and a shell script that uses
> `openssl s_client` in order to test several cipher suites against the
> echo server.  It can be found at
> https://github.com/KlausTrainer/erl_ssl_test and you can compile and run
> it by executing `make check`.  Running it under Debian GNU/Linux 7.1
> (x86_64) with R16B02 and OpenSSL 1.0.1e generates the following output:
>
> works:     ECDHE-RSA-AES256-SHA384
> works not: ECDHE-ECDSA-AES256-SHA384
> works:     ECDHE-RSA-AES256-SHA
> works not: ECDHE-ECDSA-AES256-SHA
> works:     DHE-RSA-AES256-SHA256
> works not: DHE-DSS-AES256-SHA256
> works:     DHE-RSA-AES256-SHA
> works not: DHE-DSS-AES256-SHA
> works not: ECDH-RSA-AES256-SHA384
> works not: ECDH-ECDSA-AES256-SHA384
> works not: ECDH-RSA-AES256-SHA
> works not: ECDH-ECDSA-AES256-SHA
> works:     AES256-SHA256
> works:     AES256-SHA
> works:     ECDHE-RSA-DES-CBC3-SHA
> works not: ECDHE-ECDSA-DES-CBC3-SHA
> works not: ECDH-RSA-DES-CBC3-SHA
> works not: ECDH-ECDSA-DES-CBC3-SHA
> works:     DES-CBC3-SHA
> works:     ECDHE-RSA-AES128-SHA256
> works not: ECDHE-ECDSA-AES128-SHA256
> works:     ECDHE-RSA-AES128-SHA
> works not: ECDHE-ECDSA-AES128-SHA
> works:     DHE-RSA-AES128-SHA256
> works not: DHE-DSS-AES128-SHA256
> works:     DHE-RSA-AES128-SHA
> works not: DHE-DSS-AES128-SHA
> works not: ECDH-RSA-AES128-SHA256
> works not: ECDH-ECDSA-AES128-SHA256
> works not: ECDH-RSA-AES128-SHA
> works not: ECDH-ECDSA-AES128-SHA
> works:     AES128-SHA256
> works:     AES128-SHA
> works:     ECDHE-RSA-RC4-SHA
> works not: ECDHE-ECDSA-RC4-SHA
> works not: ECDH-RSA-RC4-SHA
> works not: ECDH-ECDSA-RC4-SHA
> works:     RC4-SHA
> works:     RC4-MD5
> works:     DES-CBC-SHA
>
> I hope this helps.
>
> Regards,
> Klaus
>
>
> _______________________________________________
> erlang-bugs mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-bugs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20131002/9fc508dc/attachment.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20131002/9fc508dc/attachment-0001.html>


More information about the erlang-bugs mailing list