[erlang-questions] self signed certs problem

Ingela Andin ingela.andin@REDACTED
Fri Oct 4 09:44:33 CEST 2013 

Hi Wes!

I have heard from several sources that they have problems connecting with
Firefox and  Chrome
when Elliptic curve cipher suites are enabled.  Elliptic curve ciphers
where first supported at all in R16 and are by default enabled, although
will not be used if the client does not claim to be able to use them.
It does seem though that other clients can connect like curl, s_client
(openssl), some python client and now opera.  I also know that some ECC
ciphers are broken in openssl version 1.0.0 and 1.0.0.a.
So it seems like it is a client problem that you may workaround by
disabling Elliptic Curve cipher suites
until the clients get fixed. Also R16B02 fixes an ECC bug so R16B will not
be better then R16B02, going
back to R15 will work as the ECC ciphers where not supported at all, but I
can see other reasons you would not want to do that.

Regards Ingela Erlang/OTP team - Ericsson AB




2013/10/4 Wes James <comptekki@REDACTED>

> Somewhere along the line I've started having issues with self-signed certs.
>
> On xubuntu I've:
>
> recently upgraded chrome and firefox (both having issues)
>
> recently upgraded cowboy to master
>
> recently upgrade to 16B02 (compiled then installed)
>
> I'm having issues accessing sites on https now.  I get an error from
> firefox, but try to accept but get a security error.  On chrome, it just
> says it can't get to the site.  I then tried opera.  I have to confirm some
> boxes on opera, but I can finally see the https sites.
>
> Anyone else having these issues?
>
> I've tried going back to 16B, but still have the issues so I'm not sure if
> it is erlang.  I've tried compiling code with 0.8.1 of cowboy with 16B, but
> still have the same issues (where it was working fine before), so I'm not
> sure where the problem is.
>
> Thanks,
>
> Wes
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20131004/8dd69bfe/attachment.htm>

More information about the erlang-questions mailing list