[erlang-questions] iPhone unable to connect over SSL after upgrading to R16B01
Ingela Andin
ingela.andin@REDACTED
Mon Jun 24 14:35:11 CEST 2013
Hi again,
2013/6/23 Andrew Shu <talklittle@REDACTED>
> THANK YOU for posting this! This being my first time using Cowboy HTTPS
> and secure websockets, I was going crazy trying to figure out why SSL
> wasn't working via Chromium on Linux, while curl seemed to handle the
> self-signed certificates okay. It wouldn't have occurred to me that it
> could be an Erlang bug.
>
> After reverting to R16B, and removing all traces of R16B01, everything
> seems working.
> I wasted a lot of time swapping out SSL certificates to no avail. I think
> sticking with R16B is the best, or only, solution for now.
>
> I had been getting a Chromium gray error screen with
> "ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED". Not the usual "this certificate is
> not trusted" red screen.
> Firefox choked too. Curl seemed ok, strangely enough.
>
>
Ok just make sure I run an openssl client against the erlang server too,
with the cowboy example (as you
try to connect to an erlang-server with other clients). This works too. So
it seems openssl and curl can connect to the erlang-server but not chrom
and firefox? And the connection fails due to that the client sends and
alert. So atleas this problem seems not to be related to ECDSA
certificates. (The missed TODO) .
The other clients could also have issues with ecc-cipher suites, you could
try to setting up an openssl server using
openssl s_server -accept 4433 -CAfile ca.crt -cert server.crt -key
server.key
and trying the clients to see if they can connect with ecc-ciphers.
The following command must return elliptic curve ciper cuites ECDH* ECDSA*
> openssl ciphers
Regards Ingela Erlang/OTP team - Ericsson AB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20130624/0e36c686/attachment.htm>
More information about the erlang-questions
mailing list