[erlang-patches] new version elliptic curve support

Andreas Schultz <>
Thu Mar 21 11:42:20 CET 2013


Hi Ingela,

----- Original Message -----
> Hi Andreas!
> 
> Regarding the ciphers_dsa_signed_cert  that fails on windows XP /7,
> solaris and powerpc. Old openssl versions 0.9.8-r and 0.9.8-o I have
> found the following
> statement from openssl:
> 
> "Support for ECC is by default disabled in the stable 0.9.8 release, and
> is slated for production use with 0.9.9 "
> 
> So I will disable ECC cipher tests for those openssl versions.

I doubt that this will change anything.

With the openssl cipher filter in the test suite
(https://github.com/RoadRunnr/otp/commit/9ef7c20be988faceb79ec7ecdb1e44f9673a1e5d)
only ciphers actually announced by openssl should be tested.
'OpenSSL 0.9.8r 8 Feb 2011' on my system does not announce any EC ciphers,
so they should not be negotiated or tested in any case.

Also, the way I understand RFC-4492, DSA signed certificates are not compatible
with any of the EC cipher suites, only RSA or ECDSA signed certificates
are permitted, so the DSA test should not event attempt to use EC.

I suspect the problem comes from either the changed certificate
filtering permitting a cipher suite that it shouldn't or the test suite
attempts to use a EC cipher suite with DSA certificates. However, I don't have an
idea why this should only happen on this particular openssl version.

The logs from the test suite do not offer much information on why the
test was actually aborted. The logged timeout is merely a result of the
real problem. So I was thinking about amending the test case with a bit
more diagnostic output, like cipher suite currently tested and also the
real abort message from the other party.

> We are still having some strange problems on a windows 7 machine,
> handshakes are working but data from openssls s_client and s_server
> never arrives, it seems likely it
> is some kind of environmental problem and I will continue looking into that.

I could try to reproduce that, is there anything to this particular system
that differs from the instructions on:
http://www.erlang.org/doc/installation_guide/INSTALL-WIN32.html

Andreas

> 
> Regards Ingela Erlang/OTP team - Ericsson AB
> 
> 
> 
> 
> 
> 
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: 
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------


More information about the erlang-patches mailing list