[erlang-questions] Upgrading TCP connection to SSL

Ingela Andin <>
Thu May 26 10:01:06 CEST 2011


As Kaiduan points out you need a scheme (agreed upon protocol) to
coordinate the upgrade but of course you do not need to control
both sides of the connection. In the upgrade example we show a
upgrade scenario, issuing commands from two erlang shells,
demonstrating the mechanism on the "erlang-ssl" level. Of course we
use the erlang client and server to show how our software should
be used, does not mean you can not use any other ssl client to connect
to our server or vice versa.

See for instance RFC 2817 to see how it is done in  HTTP/1.1

Regards Ingela Erlang/OTP team - Ericsson AB

2011/5/25 Kaiduan Xie <>:
> For TCP upgrading to SSL, client and server coordination is required.
> The following is used in XMPP protocol,
> 1) Client initiates TCP connection,
> 2) Server accepts the TCP connection,
> 3) Server sends a message to client to notify client that server
> supports TCP upgrade to SSL,
> 4) Client receives the feature notification from server, and then
> client sends starttls to server,
> 5) Upon receiving starttls from client, server sends back proceed to
> client, server waits for SSL handshake,
> 6) Upon receiving proceed from server, client starts SSL handshake with server.
> For more details please refer 5.3.  Client-to-Server Example
> www.ietf.org/rfc/rfc3290.txt
> Thanks,
> /Kaiduan
> On Wed, May 25, 2011 at 11:35 AM, tom kelly <> wrote:
>> Hello List,
>> I've been reading the SSL documentation on upgrading a TCP connection to use
>> SSL:
>> http://www.erlang.org/doc/apps/ssl/using_ssl.html
>> I've got a situation where I've accepted a TCP connection which the
>> connector has initiated using SSL. It seems I can't at this point upgrade my
>> TCP connection to SSL using the standard SSL library?
>> If I understand the documentation correctly I need to be in control of both
>> ends of the connection to correctly execute this upgrade and in my
>> application I'll never be in control of the connecting side.
>> Does anyone know if this is correct or see something that I'm missing?
>> Anyone know any hack-arounds?
>> Thanks in advance.
>> //Tom.
>> _______________________________________________
>> erlang-questions mailing list
>> http://erlang.org/mailman/listinfo/erlang-questions
> _______________________________________________
> erlang-questions mailing list
> http://erlang.org/mailman/listinfo/erlang-questions

More information about the erlang-questions mailing list