[erlang-questions] ssl issue

Andreas Schultz aschultz@REDACTED
Thu Jan 2 10:54:48 CET 2014 

Hi Loco,

The root cause of this problem is the elliptic curve used in the ECDHE key
exchange. Chrome (and probably the other failing clients) support only a
limited set of curves (chrome only does secp256r1, secp384r1 and secp521r1).

Erlang's ECDHE support is currently hard coded to always use secp256k1.

Obviously, this will not work. Excluding all ECDHE cipher suites will work
around that problem. The correct fix will be to teach Erlang SSL to select
the correct curve.

Andreas

----- Original Message -----
> 
> 
> Hi,
> 
> I am having an issue getting ssl to work
> 
> Hi,
> 
> I am having an ssl issue
> 
> The following gist
> 
> 
> https://gist.github.com/locojay/8188721
> 
> list’s how to install my setup (ubuntu 12.04 vagrant box, esl erlang R16B03,
> ssl 5.3.2, cowboy's ssl_example on master).
> 
> 
> I tested the following clients:
> 
> 
> - curl, chrome , firefox, safari, python requests
> 
> on ubuntu 12.10 and osx 10.9 mavericks
> 
> with the following result's
> 
> 
> 
> 
> CHROME | FIREFOX | SAFARI | CURL
> 
> UBUNTU fails | fails | na | works
> 
> OSX fails | fails(long stacktrace) | fails | fails
> 
> 
> 
> 
> the gist contains server/client log’s for these options
> 
> 
> 
> 
> I'm using the cowboy ssl example to demonstrate my problem. Using an other
> self signed, or signed certificate results in the same issue.
> 
> Creating a pem file of the example key, cert ca-cert and using in ejabberd
> 13.12 works fine with all browser’s.
> 
> which:applications() in ejabberd 13.12 return’s ssl 5.3.2
> 
> I am confused since i thought that the issue would have been the ssl app
> since we have
> 
> 
> cowboy —> ranch —> sslapp
> 
> I am out of idea’s and would really appreciate any help
> 
> Many thanks
> 
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------- enabling your networks -------------------

Travelping GmbH               phone:         +49-391-819099229
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------

More information about the erlang-questions mailing list