[erlang-bugs] SSL sslv3 not working as expected?

Loïc Hoguin essen@REDACTED
Fri Feb 7 11:01:33 CET 2014


On 02/06/2014 09:29 PM, Ingela Anderton Andin wrote:
> Hi!
>
> On 02/06/2014 05:59 PM, Loïc Hoguin wrote:
>> Just [{cert, Cert}, {key, Key}, {port, 0}, {versions, [sslv3]}] does it.
>
> You mean that you get it when you input certs as binaries? Could it be
> related to https://github.com/erlang/otp/pull/163
> We  want to include this pull request but it solves two problems and
> only one persists and we are waiting for the pull
> request to be updated.

I don't have any idea what that pull request is about. I am not too well 
versed in SSL-fu.

I narrowed it down a little.

The previously mentioned issue only happens with a test certificate 
generated by erl_make_certs.erl.

A different report happens with a certificate generated by OpenSSL 
(again, setting versions to [sslv3]).

=ERROR REPORT==== 7-Feb-2014::10:55:57 ===
SSL: certify: tls_connection.erl:2286:Fatal error: decrypt error

=ERROR REPORT==== 7-Feb-2014::10:55:57 ===
SSL: certify: tls_connection.erl:2055:Fatal error: decrypt error
{error,{tls_alert,"decrypt error"}}

The client in all cases is always:

   ssl:connect("localhost", 44443, []).

I can provide a test case for either or both of them if you want.

-- 
Loïc Hoguin
http://ninenines.eu



More information about the erlang-bugs mailing list