[erlang-bugs] Incomplete Elliptic Curve Cipher Suites in R16B01 and R16B02

Andrew Thompson <>
Fri Oct 4 22:45:50 CEST 2013


If I change line ~422 of tls_connection to:

do_server_hello(Type, ServerHelloExt#hello_extensions{elliptic_curves=undefined,

so that elliptic_curves are not sent as part of the server hello,
gnutls-client makes significant progress, but then fails with
'unsupported curve'. I *think* now I'm running into the TODO over in
tls_handshake:

 %% TODO: need to take supported Curves into Account when selecting the CipherSuite...
 %%       if whe have an ECDSA cert with an unsupported curve, we need to drop ECDSA ciphers

Andrew


More information about the erlang-bugs mailing list