[erlang-questions] self signed certs problem

Wes James <>
Fri Oct 4 16:48:09 CEST 2013


How would I do this in the .app.src?

I have:

{application, dbswui, [
    {description, "database search web ui."},
    {vsn, "0.1.0"},
    {modules, []},
    {registered, []},
    {applications, [
        kernel,
        stdlib,
       crypto,
       public_key,
       cowlib,
        cowboy,
        ssl
    ]},
    {mod, {dbswui_app, []}},
    {env, []}
]}.

I have this from a previous email from you on list.

{ciphers, [{dhe_rsa,aes_256_cbc,sha256},
 {dhe_dss,aes_256_cbc,sha256},
 {rsa,aes_256_cbc,sha256},
 {dhe_rsa,aes_128_cbc,sha256},
 {dhe_dss,aes_128_cbc,sha256},
 {rsa,aes_128_cbc,sha256},
 {dhe_rsa,aes_256_cbc,sha},
 {dhe_dss,aes_256_cbc,sha},
 {rsa,aes_256_cbc,sha},
 {dhe_rsa,'3des_ede_cbc',sha},
 {dhe_dss,'3des_ede_cbc',sha},
 {rsa,'3des_ede_cbc',sha},
 {dhe_rsa,aes_128_cbc,sha},
 {dhe_dss,aes_128_cbc,sha},
 {rsa,aes_128_cbc,sha},
 {rsa,rc4_128,sha},
 {rsa,rc4_128,md5},
 {dhe_rsa,des_cbc,sha},
 {rsa,des_cbc,sha}]}

I tried to put this in the env [] list, but it didn't help.

Thanks,

Wes



On Fri, Oct 4, 2013 at 1:44 AM, Ingela Andin <> wrote:

> Hi Wes!
>
> I have heard from several sources that they have problems connecting with
> Firefox and  Chrome
> when Elliptic curve cipher suites are enabled.  Elliptic curve ciphers
> where first supported at all in R16 and are by default enabled, although
> will not be used if the client does not claim to be able to use them.
> It does seem though that other clients can connect like curl, s_client
> (openssl), some python client and now opera.  I also know that some ECC
> ciphers are broken in openssl version 1.0.0 and 1.0.0.a.
> So it seems like it is a client problem that you may workaround by
> disabling Elliptic Curve cipher suites
> until the clients get fixed. Also R16B02 fixes an ECC bug so R16B will not
> be better then R16B02, going
> back to R15 will work as the ECC ciphers where not supported at all, but I
> can see other reasons you would not want to do that.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
>
>
>
> 2013/10/4 Wes James <>
>
>> Somewhere along the line I've started having issues with self-signed
>> certs.
>>
>> On xubuntu I've:
>>
>> recently upgraded chrome and firefox (both having issues)
>>
>> recently upgraded cowboy to master
>>
>> recently upgrade to 16B02 (compiled then installed)
>>
>> I'm having issues accessing sites on https now.  I get an error from
>> firefox, but try to accept but get a security error.  On chrome, it just
>> says it can't get to the site.  I then tried opera.  I have to confirm some
>> boxes on opera, but I can finally see the https sites.
>>
>> Anyone else having these issues?
>>
>> I've tried going back to 16B, but still have the issues so I'm not sure
>> if it is erlang.  I've tried compiling code with 0.8.1 of cowboy with 16B,
>> but still have the same issues (where it was working fine before), so I'm
>> not sure where the problem is.
>>
>> Thanks,
>>
>> Wes
>>
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20131004/b3fc36e1/attachment.html>


More information about the erlang-questions mailing list