[erlang-questions] SSL decrypt error during SSL handshake

Daniel Luna <>
Thu Dec 20 16:39:27 CET 2012


Most likely this is the same bug that bit us a while ago.  With
certificates from GoDaddy.

Here http://erlang.org/pipermail/erlang-bugs/2012-August/002996.html
plus related emails.

This was fixed in R15B02.  From the release notes:

   OTP-10222  Workaround for handling certificates that wrongly encode
	      X509countryname in utf-8 when the actual value is a valid
	      ASCCI value of length 2. Such certificates are accepted by
	      many browsers such as Chrome and Fierfox so for
	      interoperability reasons we will too.

Cheers,

Daniel

On 20 December 2012 03:33, Ingela Andin <> wrote:
> Hi!
>
> Decryption error happens if the inputdata is somehow corrupted.
> I can not think of an obvious reason that this could happen with you setup, but
> your server is using a fairly old version so upgrading might be a good
> idea regardless.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
>
> 2012/12/15, Kaiduan Xie <>:
>> Hi,
>>
>> I ran into a situation where server sends back SSL decrypt error to
>> client during SSL handshake, both client and server are written in
>> Erlang. The SSL handshake looks as below,
>>
>> 1) Client sends Client Hello to server
>> 2) Server sends Server Hello back
>> 3) Server sends Certificate, Server Key Exchange and Server Hello Done
>> 4) Client sends Client Key Exchange
>> 5) Client sends Change Cipher Spec, Encrypted Handshake Message
>> 6) Server sends Alert (Level: Fatal, Description: Decrypt Error)
>>
>> The certificate is from godaddy, any idea why server sends Decrypt Error?
>>
>> The server is running R14B01 while the client is running R15B02.
>>
>> Thanks,
>>
>> /Kaiduan
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions



More information about the erlang-questions mailing list