[erlang-bugs] Fwd: Re: Incomplete Elliptic Curve Cipher Suites in R16B01 and R16B02

Klaus Trainer <>
Mon Oct 7 19:28:03 CEST 2013


Thanks Andrew!

These are good points!  I was actually using an ECC key, but I did
another mistake.

As I was just trying out very quickly, I accidentally specified the
-tls1_2 option on the wrong position and didn't check the output.  As
`openssl -tls1_2 s_client -cipher` terminates with status code 0, the
script's output was "works" for all cipher suites, hence I wrongly
assumed that it would be working.

Thanks again!


On Mon, 2013-10-07 at 13:05 -0400, Andrew Thompson wrote:
> On Mon, Oct 07, 2013 at 10:58:43AM +0200, Klaus Trainer wrote:
> > Ah, thanks, I've missed that!
> > 
> > If I add -tls1_2 in my erl_ssl_check check-ciphers.sh script the test
> > passes for all cipher suites.
> 
> That doesn't work for me with openssl 1.0.1e. Also, I don't know how
> some of those ciphers could pass with the RSA keys you include in that
> repo. The ECDSA ciphers require an ECC key, as far as I know.
> 
> Andrew
> _______________________________________________
> erlang-bugs mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-bugs

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20131007/f90a1a00/attachment.bin>


More information about the erlang-bugs mailing list