[erlang-bugs] Incomplete Elliptic Curve Cipher Suites in R16B01 and R16B02
Wed Oct 2 17:48:17 CEST 2013
Thanks. I'm not too confident about that test either. I checked with
an oldish OpenSSL version (1.0.1c) as well and suddenly also had lots of
cipher suites fail that worked well when testing with OpenSSL 1.0.1.e
> If you look closer you willl see that the error is:
> "140232248637088:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1353:"
> After just a quick check of
> your test of erlang:
> works not: ECDH-RSA-AES256-SHA384
> Our test suite: ssl_ECC_SUITE:client_ec_server_ec/1
> sucessfully negotiaties ECDH-RSA-AES256-SHA384 with openssl in R16B02
> So I think some of your conclusions where a bit premature.
> The problems you mentioned in R16B01 are probably fixed in R16B02
I did see that lots of related fixes went into R16B02. However I still
have the same problems as with R16B01, i.e., the TLS handshake fails
both in Chromium (version 28.0 GNU/Linux x86_64) and Firefox (version
24.0 GNU/Linux x86_64) as long as I don't disable ecdh cipher suites.
> Also there is at the moment a documented limitation:
> "Elliptic Curve cipher suites are supported if crypto supports it and
> named curves are used."
I don't know for sure, but maybe this is exactly the problem with some
Please let me know if you think I can provide additional help on that
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: This is a digitally signed message part
More information about the erlang-bugs