[erlang-questions] SSL decrypt error during SSL handshake
Daniel Luna
daniel@REDACTED
Thu Dec 20 16:39:27 CET 2012
Most likely this is the same bug that bit us a while ago. With
certificates from GoDaddy.
Here http://erlang.org/pipermail/erlang-bugs/2012-August/002996.html
plus related emails.
This was fixed in R15B02. From the release notes:
OTP-10222 Workaround for handling certificates that wrongly encode
X509countryname in utf-8 when the actual value is a valid
ASCCI value of length 2. Such certificates are accepted by
many browsers such as Chrome and Fierfox so for
interoperability reasons we will too.
Cheers,
Daniel
On 20 December 2012 03:33, Ingela Andin <ingela.andin@REDACTED> wrote:
> Hi!
>
> Decryption error happens if the inputdata is somehow corrupted.
> I can not think of an obvious reason that this could happen with you setup, but
> your server is using a fairly old version so upgrading might be a good
> idea regardless.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
>
> 2012/12/15, Kaiduan Xie <kaiduanx@REDACTED>:
>> Hi,
>>
>> I ran into a situation where server sends back SSL decrypt error to
>> client during SSL handshake, both client and server are written in
>> Erlang. The SSL handshake looks as below,
>>
>> 1) Client sends Client Hello to server
>> 2) Server sends Server Hello back
>> 3) Server sends Certificate, Server Key Exchange and Server Hello Done
>> 4) Client sends Client Key Exchange
>> 5) Client sends Change Cipher Spec, Encrypted Handshake Message
>> 6) Server sends Alert (Level: Fatal, Description: Decrypt Error)
>>
>> The certificate is from godaddy, any idea why server sends Decrypt Error?
>>
>> The server is running R14B01 while the client is running R15B02.
>>
>> Thanks,
>>
>> /Kaiduan
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
More information about the erlang-questions
mailing list