[erlang-bugs] SSL sslv3 not working as expected?

Ingela Anderton Andin Ingela.Anderton.Andin@REDACTED
Fri Feb 7 11:10:17 CET 2014


Hi!

If you can provide a failing test case that is a good place to start.  I 
will not have time to look at it until Monday as I am looking after my 
sick daughter today, and just quickly answering some mails.

Regards Ingela Erlang/OTP team

On 02/07/2014 11:01 AM, Loïc Hoguin wrote:
> On 02/06/2014 09:29 PM, Ingela Anderton Andin wrote:
>> Hi!
>>
>> On 02/06/2014 05:59 PM, Loïc Hoguin wrote:
>>> Just [{cert, Cert}, {key, Key}, {port, 0}, {versions, [sslv3]}] does it.
>>
>> You mean that you get it when you input certs as binaries? Could it be
>> related to https://github.com/erlang/otp/pull/163
>> We  want to include this pull request but it solves two problems and
>> only one persists and we are waiting for the pull
>> request to be updated.
>
> I don't have any idea what that pull request is about. I am not too well
> versed in SSL-fu.
>
> I narrowed it down a little.
>
> The previously mentioned issue only happens with a test certificate
> generated by erl_make_certs.erl.
>
> A different report happens with a certificate generated by OpenSSL
> (again, setting versions to [sslv3]).
>
> =ERROR REPORT==== 7-Feb-2014::10:55:57 ===
> SSL: certify: tls_connection.erl:2286:Fatal error: decrypt error
>
> =ERROR REPORT==== 7-Feb-2014::10:55:57 ===
> SSL: certify: tls_connection.erl:2055:Fatal error: decrypt error
> {error,{tls_alert,"decrypt error"}}
>
> The client in all cases is always:
>
>    ssl:connect("localhost", 44443, []).
>
> I can provide a test case for either or both of them if you want.
>




More information about the erlang-bugs mailing list