From benmmurphy@REDACTED Mon Sep 5 18:18:15 2016 From: benmmurphy@REDACTED (Ben Murphy) Date: Mon, 5 Sep 2016 17:18:15 +0100 Subject: [erlang-bugs] signature_algs TLS 1.2 compatability Message-ID: There are some TLS servers on the internet (Microsoft IIS) that have a very strict reading of the tls1.2 rfc (rfc5246 - https://tools.ietf.org/html/rfc5246) and if they have a certificate which is incompatible with the default signature_algs then they will kill the connection. Now people are starting to roll out SHA-256 bit certs but SHA-256 certs are not compatible with the default signature_algs. When we try to connect to these servers with tls1.2 the server will close the connection after the client hello. This issue has already been discussed on erlang-questions here ( http://osdir.com/ml/erlang-questions-programming/2016-07/msg00062.html). Unfortunately, the solution discussed there is not useful for us. If you set signature_algs then you must also set the versions to only tlsv1.2. Since if you have any other versions selected then the erlang client will ignore the signature_algs parameter. This is problematic for our use cases for 2 reasons: 1) We are connecting to a server that is 'interesting'. It consists of load balanced IIS servers. Some of which do not support tlsv1.2 and some of which support tlsv1.2 but require the signature_algs extension. The only way to connect to these servers is to set versions to tlsv1. Thus we are not able to use tlsv1.2 even though some of their servers support it. 2) In our product we support webhooks for making callbacks to other people's servers when events happen. It would be nice if all the user had to supply was their URL and we didn't have to worry them about what TLS version they needed or whether they needed a special work around for TLSv1.2. For example presently we either have to force the TLS version to be 1.2 or (1.1 + 1.0) we can't concurrently support 1.0, 1.1 and 1.2. I was wondering whether it would be possible to always send the signature_algs value even if versions contain non tls1.2 versions? This would solve our problem. If this is considered risky functionality maybe this could only happen when you explicitly set signature_algs or it could be put behind some flag. From tony@REDACTED Tue Sep 13 00:34:38 2016 From: tony@REDACTED (Tony Rogvall) Date: Tue, 13 Sep 2016 00:34:38 +0200 Subject: [erlang-bugs] prim_eval:'receive' Message-ID: <6D517F47-F814-490F-9413-D00875AF43A3@rogvall.se> I still think this is a bit boring. > self() ! a. > prim_eval:'receive'(fun(X) -> prim_eval:'receive'(fun(Y) -> Y end, 500) end, 1000). Segmentation fault: 11 Is it really that hard to fix? It would be fun to see cool hacks that can bring down the emulator! A list of NOT so cool hacks: > init:stop(). > erlang:halt(1). > os:cmd(?kill ?++os:getpid()). > lists:seq(1, 18446744073709551616). - write driver or nif that crash But anything else should be interesting to see. How many ways can we crash the emulator in this way? /Tony -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: From n.oxyde@REDACTED Tue Sep 13 14:17:40 2016 From: n.oxyde@REDACTED (Anthony Ramine) Date: Tue, 13 Sep 2016 14:17:40 +0200 Subject: [erlang-bugs] prim_eval:'receive' In-Reply-To: <6D517F47-F814-490F-9413-D00875AF43A3@rogvall.se> References: <6D517F47-F814-490F-9413-D00875AF43A3@rogvall.se> Message-ID: <182A0A90-C897-4AF9-87D6-7BFFF2D443C5@gmail.com> > Le 13 sept. 2016 ? 00:34, Tony Rogvall a ?crit : > > Is it really that hard to fix? Yes, just don't do that. From tony@REDACTED Tue Sep 13 16:40:11 2016 From: tony@REDACTED (Tony Rogvall) Date: Tue, 13 Sep 2016 16:40:11 +0200 Subject: [erlang-bugs] prim_eval:'receive' In-Reply-To: <182A0A90-C897-4AF9-87D6-7BFFF2D443C5@gmail.com> References: <6D517F47-F814-490F-9413-D00875AF43A3@rogvall.se> <182A0A90-C897-4AF9-87D6-7BFFF2D443C5@gmail.com> Message-ID: <72090A97-721C-4098-96A9-2FD82FE41996@rogvall.se> You said last time I was complaining about this feature that the runtime could be brought down in a number of ways. I would like to see a list of a least 5 ways to do that! Preferably beautiful ways. /Tony > On 13 sep 2016, at 14:17, Anthony Ramine wrote: > > >> Le 13 sept. 2016 ? 00:34, Tony Rogvall a ?crit : >> >> Is it really that hard to fix? > > Yes, just don't do that. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: From vychodil.hynek@REDACTED Thu Sep 15 17:57:45 2016 From: vychodil.hynek@REDACTED (Hynek Vychodil) Date: Thu, 15 Sep 2016 15:57:45 +0000 Subject: [erlang-bugs] prim_eval:'receive' In-Reply-To: <72090A97-721C-4098-96A9-2FD82FE41996@rogvall.se> References: <6D517F47-F814-490F-9413-D00875AF43A3@rogvall.se> <182A0A90-C897-4AF9-87D6-7BFFF2D443C5@gmail.com> <72090A97-721C-4098-96A9-2FD82FE41996@rogvall.se> Message-ID: Send to any process lists:foldl(fun(_,X) -> [X|X] end, [], lists:seq(1, 40)) (Do not try to look on result in shell because result is sent to the shell or change at least to 20) On Tue, Sep 13, 2016 at 4:40 PM Tony Rogvall wrote: > You said last time I was complaining about this feature that > the runtime could be brought down in a number of ways. > > I would like to see a list of a least 5 ways to do that! Preferably > beautiful ways. > > /Tony > > > On 13 sep 2016, at 14:17, Anthony Ramine wrote: > > > > > >> Le 13 sept. 2016 ? 00:34, Tony Rogvall a ?crit : > >> > >> Is it really that hard to fix? > > > > Yes, just don't do that. > > _______________________________________________ > erlang-bugs mailing list > erlang-bugs@REDACTED > http://erlang.org/mailman/listinfo/erlang-bugs > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tony@REDACTED Thu Sep 15 19:56:14 2016 From: tony@REDACTED (Tony Rogvall) Date: Thu, 15 Sep 2016 19:56:14 +0200 Subject: [erlang-bugs] prim_eval:'receive' In-Reply-To: References: <6D517F47-F814-490F-9413-D00875AF43A3@rogvall.se> <182A0A90-C897-4AF9-87D6-7BFFF2D443C5@gmail.com> <72090A97-721C-4098-96A9-2FD82FE41996@rogvall.se> Message-ID: <3FBF3DE2-E1D5-4ACB-BE53-5BC499FB04C7@rogvall.se> Ah, exhausting memory did not count :-) But it is a nice example anyway. /Tony > On 15 sep 2016, at 17:57, Hynek Vychodil wrote: > > Send to any process > lists:foldl(fun(_,X) -> [X|X] end, [], lists:seq(1, 40)) > (Do not try to look on result in shell because result is sent to the shell or change at least to 20) > > On Tue, Sep 13, 2016 at 4:40 PM Tony Rogvall wrote: > You said last time I was complaining about this feature that > the runtime could be brought down in a number of ways. > > I would like to see a list of a least 5 ways to do that! Preferably beautiful ways. > > /Tony > > > On 13 sep 2016, at 14:17, Anthony Ramine wrote: > > > > > >> Le 13 sept. 2016 ? 00:34, Tony Rogvall a ?crit : > >> > >> Is it really that hard to fix? > > > > Yes, just don't do that. > > _______________________________________________ > erlang-bugs mailing list > erlang-bugs@REDACTED > http://erlang.org/mailman/listinfo/erlang-bugs -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: