[erlang-bugs] Incomplete Elliptic Curve Cipher Suites in R16B01 and R16B02

Andrew Thompson <>
Fri Oct 4 21:55:39 CEST 2013

If I use

gnutls-serv -p 5555 --x509keyfile=priv/ssl/server.key
--x509certfile=priv/ssl/server.crt --x509cafile=priv/ssl/ca.crt

and connect with:

gnutls-cli -VVVVV -p 5555 localhost --x509cafile=priv/ssl/ca.crt

I'm able to successfully negotiate a TLS 1.2 connection. Wireshark shows
significant differences in the Server Hello that Erlang sends vs the one
gnutls sends. I am able to get chrome to do a 1.2 handshake with the
gnutls server using ---http to make gnutls-serv run as a https server.

The main differences that I see in what erlang is doing vs gnutls:

Erlang sends the elliptic_curves extension as part of the server hello,
gnutls does not. The gnutls *client* does send this extension, however.

According to RFC 4492:


The elliptic_curves extension is a *client* hello extension and the RFC
doesn't seem to mention the server sending it.

The other notable difference is that gnutls sends multiple messages to
the client at once:

Server Hello
Server Key Exchange
Certificate Request
Server Hello Done

Erlang only sends the server hello and then, in a later packet it sends
the Certificate. I don't know if would send the others because gnutls
aborts the connection at this point. Erlang also sends both the server
certificate AND the CA certificate in the Certificate packet, gnutls
only sends the server certificate.

I'mn going to try to figure out how to stop erlang from sending the
eliptic_curves extension as part of the server hello and see if that
helps anything.


More information about the erlang-bugs mailing list