[erlang-questions] dh_anon SSL connection failed

Alexander Hudich <>
Mon Jan 16 12:10:49 CET 2012


Spent all night trying to establish an SSL connection from my Erlang program to
the Nagios NRPE service.

This is a kind of excerpt from the check_nrpe code, which connects just fine:

SSL_library_init();
SSLeay_add_ssl_algorithms();
meth=SSLv23_client_method();
SSL_load_error_strings();
ctx=SSL_CTX_new(meth);
/* disable SSLv2 and SSLv3, leaving TLSv1 and later */
SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
result=my_tcp_connect(server_name,server_port,&sd);

/* do SSL handshake */
if(result==STATE_OK && use_ssl==TRUE){
  if((ssl=SSL_new(ctx))!=NULL){
    /* offer anonymous DH suites only: no certificate is exchanged, so the peer is not authenticated */
    SSL_CTX_set_cipher_list(ctx,"ADH");
    SSL_set_fd(ssl,sd);
    rc=SSL_connect(ssl);
  }
}

But I couldn't establish a connection in any way. I always got an error:

Erlang R16B (erts-5.10) [source] [64-bit] [smp:1:1] [async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.10

5> SockOpts.
[{active,false},
{ssl_imp,old},
{verify,verify_none},
{ciphers,[{dh_anon,rc4_128,md5},
           {dh_anon,des_cbc,sha},
           {dh_anon,'3des_ede_cbc',sha},
           {dh_anon,aes_128_cbc,sha},
           {dh_anon,aes_256_cbc,sha}]}]
6> ssl:connect( Ip, 5666, SockOpts, infinity).

=ERROR REPORT==== 16-Jan-2012::12:49:23 ===
SSL: hello: ssl_handshake.erl:885:Fatal error: handshake failure
{error,esslconnect}

The code in ssl_handshake.erl at line 885 is:

dec_hs( _, _ ) ->
    throw( ?ALERT_REC( ... ) )

What do you think: is it possible to make this type of connection in Erlang?
What else can I try, or is it a bug?
