[erlang-bugs] Incomplete Elliptic Curve Cipher Suites in R16B01 and R16B02
Klaus Trainer
klaus_trainer@REDACTED
Wed Oct 2 17:48:17 CEST 2013
Thanks. I'm not too confident about that test either. I checked with
an oldish OpenSSL version (1.0.1c) as well and suddenly also had lots of
cipher suites fail that worked well when testing with OpenSSL 1.0.1.e
previously.
> If you look closer you will see that the error is:
> "140232248637088:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1353:"
>
> After just a quick check of
>
> your test of erlang:
> works not: ECDH-RSA-AES256-SHA384
> Our test suite: ssl_ECC_SUITE:client_ec_server_ec/1
>
> successfully negotiates ECDH-RSA-AES256-SHA384 with openssl in R16B02
>
> So I think some of your conclusions were a bit premature.
> The problems you mentioned in R16B01 are probably fixed in R16B02
>
I did see that lots of related fixes went into R16B02. However I still
have the same problems as with R16B01, i.e., the TLS handshake fails
both in Chromium (version 28.0 GNU/Linux x86_64) and Firefox (version
24.0 GNU/Linux x86_64) as long as I don't disable ecdh cipher suites.
> Also there is at the moment a documented limitation:
> "Elliptic Curve cipher suites are supported if crypto supports it and
> named curves are used."
>
I don't know for sure, but maybe this is exactly the problem with some
browsers.
Please let me know if you think I can provide additional help on that
issue!