[erlang-bugs] Incomplete Elliptic Curve Cipher Suites in R16B01 and R16B02

Klaus Trainer <>
Wed Oct 2 17:48:17 CEST 2013


Thanks.  I'm not too confident about that test either.  I checked with
an oldish OpenSSL version (1.0.1c) as well and suddenly also had lots of
cipher suites fail that worked well when testing with OpenSSL 1.0.1.e
previously.

> If you look closer you willl see that the error is: 
> "140232248637088:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1353:"
> 
> After just a quick check of 
> 
> your test of erlang: 
> works not: ECDH-RSA-AES256-SHA384
> Our test suite: ssl_ECC_SUITE:client_ec_server_ec/1
> 
> sucessfully negotiaties ECDH-RSA-AES256-SHA384 with openssl in R16B02 
> 
> So I think some of your conclusions where a bit premature. 
> The problems you mentioned in R16B01 are probably fixed in R16B02
> 
I did see that lots of related fixes went into R16B02.  However I still
have the same problems as with R16B01, i.e., the TLS handshake fails
both in Chromium (version 28.0 GNU/Linux x86_64) and Firefox (version
24.0 GNU/Linux x86_64) as long as I don't disable ecdh cipher suites.

> Also there is at the moment a documented limitation:
> "Elliptic Curve cipher suites are supported if crypto supports it and
> named curves are used."
> 
I don't know for sure, but maybe this is exactly the problem with some
browsers.

Please let me know if you think I can provide additional help on that
issue!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20131002/d0dd3e8c/attachment-0001.bin>


More information about the erlang-bugs mailing list