[erlang-questions] ssl issue

Andreas Schultz aschultz@REDACTED
Thu Jan 2 11:46:05 CET 2014


Hi,

Found it, curve selection in server mode is broken in at least R16B3 and R17.
Fix sent in GitHub pull request: https://github.com/erlang/otp/pull/183

The same fix also applies to R16B3.

Andreas

----- Original Message -----
> Hi Loco,
> 
> The root cause of this problem is the elliptic curve used in the ECDHE key
> exchange. Chrome (and probably the other failing clients) support only a
> limited set of curves (Chrome only does secp256r1, secp384r1 and secp521r1).
> 
> Erlang's ECDHE support is currently hard coded to always use secp256k1.
> 
> Obviously, this will not work. Excluding all ECDHE cipher suites will work
> around that problem. The correct fix will be to teach Erlang SSL to select
> the correct curve.
> 
> Andreas
> 
> ----- Original Message -----
> > 
> > 
> > Hi,
> > 
> > I am having an issue getting ssl to work
> > 
> > Hi,
> > 
> > I am having an ssl issue
> > 
> > The following gist
> > 
> > 
> > https://gist.github.com/locojay/8188721
> > 
> > lists how to install my setup (ubuntu 12.04 vagrant box, esl erlang
> > R16B03,
> > ssl 5.3.2, cowboy's ssl_example on master).
> > 
> > 
> > I tested the following clients:
> > 
> > 
> > - curl, chrome, firefox, safari, python requests
> > 
> > on ubuntu 12.10 and osx 10.9 mavericks
> > 
> > with the following results
> > 
> >          CHROME | FIREFOX                | SAFARI | CURL
> > UBUNTU   fails  | fails                  | na     | works
> > OSX      fails  | fails(long stacktrace) | fails  | fails
> > 
> > the gist contains server/client logs for these options
> > 
> > 
> > 
> > 
> > I'm using the cowboy ssl example to demonstrate my problem. Using another
> > self signed, or signed certificate results in the same issue.
> > 
> > Creating a pem file of the example key, cert ca-cert and using in ejabberd
> > 13.12 works fine with all browsers.
> > 
> > which:applications() in ejabberd 13.12 returns ssl 5.3.2
> > 
> > I am confused since I thought that the issue would have been the ssl app
> > since we have
> > 
> > 
> > cowboy —> ranch —> sslapp
> > 
> > I am out of ideas and would really appreciate any help
> > 
> > Many thanks
> > 
> > _______________________________________________
> > erlang-questions mailing list
> > erlang-questions@REDACTED
> > http://erlang.org/mailman/listinfo/erlang-questions
> > 
> 
> --
> --
> Dipl. Inform.
> Andreas Schultz
> 
> email: as@REDACTED
> phone: +49-391-819099-224
> mobil: +49-170-2226073
> 
> ------------------- enabling your networks -------------------
> 
> Travelping GmbH               phone:         +49-391-819099229
> Roentgenstr. 13               fax:           +49-391-819099299
> D-39108 Magdeburg             email:       info@REDACTED
> GERMANY                       web:   http://www.travelping.com
> 
> Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
> --------------------------------------------------------------
> 



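Added example, not part of the original thread and not Erlang/OTP's code: a sketch of the server-side curve selection the quoted reply calls for, reading the curve list from a ClientHello's elliptic_curves extension (RFC 4492) and picking the first server-preferred curve the client offered. The function names, the server preference order and the sample extension bytes are constructed for illustration.

```python
import struct

# NamedCurve ids from RFC 4492 section 5.1.1
NAMED_CURVES = {22: "secp256k1", 23: "secp256r1", 24: "secp384r1", 25: "secp521r1"}
EXT_ELLIPTIC_CURVES = 10  # ClientHello extension that lists the client's curves

def build_extensions(curve_ids):
    """Constructed sample input: an extensions block with only elliptic_curves."""
    curves = b"".join(struct.pack("!H", c) for c in curve_ids)
    body = struct.pack("!H", len(curves)) + curves
    ext = struct.pack("!HH", EXT_ELLIPTIC_CURVES, len(body)) + body
    return struct.pack("!H", len(ext)) + ext

def client_curves(extensions):
    """Curve ids the client offered, in client order; None if it sent no list."""
    if len(extensions) < 2 or struct.unpack_from("!H", extensions)[0] != len(extensions) - 2:
        raise ValueError("bad extensions length")
    pos = 2
    while pos < len(extensions):
        if pos + 4 > len(extensions):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        pos += 4 + ext_len
        if ext_type == EXT_ELLIPTIC_CURVES:
            if ext_len < 2 or struct.unpack_from("!H", body)[0] != ext_len - 2 or ext_len % 2:
                raise ValueError("bad curve list")
            return [c for (c,) in struct.iter_unpack("!H", body[2:])]
    return None

def select_curve(offered, server_preference):
    """First server-preferred curve the client also offered.

    None means no common curve, so the server must not pick an ECDHE suite."""
    if offered is None:  # RFC 4492: without the extension the server may choose freely
        return server_preference[0]
    return next((c for c in server_preference if c in offered), None)

if __name__ == "__main__":
    hello = build_extensions([23, 24, 25])  # the three curves the thread lists for Chrome
    offered = client_curves(hello)
    print("hard-coded secp256k1 offered by client:", 22 in offered)
    chosen = select_curve(offered, [22, 25, 24, 23])  # constructed server preference
    print("negotiated curve:", NAMED_CURVES[chosen])
```
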