[erlang-questions] ssl issue
Loco Jay
locojaydev@REDACTED
Fri Jan 3 03:34:15 CET 2014
Thank you very much
On Thursday, January 2, 2014, Andreas Schultz wrote:
> Hi,
>
> Found it, curve selection in server mode is broken in at least R16B3 and
> R17.
> Fix send in github pull request: https://github.com/erlang/otp/pull/183
>
> The same fix also applies to R16B3.
>
> Andreas
>
> ----- Original Message -----
> > Hi Loco,
> >
> > The root cause of this problem is the elliptic curve used in the ECDHE
> key
> > exchange. Chrome (and probably the other failing clients) support only a
> > limited set of curves (chrome only does secp256r1, secp384r1 and
> secp521r1).
> >
> > Erlang's ECDHE support is currently hard coded to always use secp256k1.
> >
> > Obviously, this will not work. Excluding all ECDHE cipher suites will
> work
> > around that problem. The correct fix will be to teach Erlang SSL to
> select
> > the correct curve.
> >
> > Andreas
> >
> > ----- Original Message -----
> > >
> > >
> > > Hi,
> > >
> > > I am having an issue getting ssl to work
> > >
> > > Hi,
> > >
> > > I am having an ssl issue
> > >
> > > The following gist
> > >
> > >
> > > https://gist.github.com/locojay/8188721
> > >
> > > list’s how to install my setup (ubuntu 12.04 vagrant box, esl erlang
> > > R16B03,
> > > ssl 5.3.2, cowboy's ssl_example on master).
> > >
> > >
> > > I tested the following clients:
> > >
> > >
> > > - curl, chrome , firefox, safari, python requests
> > >
> > > on ubuntu 12.10 and osx 10.9 mavericks
> > >
> > > with the following result's
> > >
> > >
> > >
> > >
> > > CHROME | FIREFOX | SAFARI | CURL
> > >
> > > UBUNTU fails | fails | na | works
> > >
> > > OSX fails | fails(long stacktrace) | fails | fails
> > >
> > >
> > >
> > >
> > > the gist contains server/client log’s for these options
> > >
> > >
> > >
> > >
> > > I'm using the cowboy ssl example to demonstrate my problem. Using an
> other
> > > self signed, or signed certificate results in the same issue.
> > >
> > > Creating a pem file of the example key, cert ca-cert and using in
> ejabberd
> > > 13.12 works fine with all browser’s.
> > >
> > > which:applications() in ejabberd 13.12 return’s ssl 5.3.2
> > >
> > > I am confused since i thought that the issue would have been the ssl
> app
> > > since we have
> > >
> > >
> > > cowboy —> ranch —> sslapp
> > >
> > > I am out of idea’s and would really appreciate any help
> > >
> > > Many thanks
> > >
> > > _______________________________________________
> > > erlang-questions mailing list
> > > erlang-questions@REDACTED
> > > http://erlang.org/mailman/listinfo/erlang-questions
> > >
> >
> > --
> > --
> > Dipl. Inform.
> > Andreas Schultz
> >
> > email: as@REDACTED
> > phone: +49-391-819099-224
> > mobil: +49-170-2226073
> >
> > ------------------- enabling your networks -------------------
> >
> > Travelping GmbH phone: +49-391-819099229
> > Roentgenstr. 13 fax: +49-391-819099299
> > D-39108 Magdeburg email: info@REDACTED
> > GERMANY web: http://www.travelping.com
> >
> > Company Registration: Amtsgericht Stendal Reg No.: HRB 10578
> > Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
> > --------------------------------------------------------------
> > _______________________________________________
> > erlang-questions mailing list
> > erlang-questions@REDACTED
> > http://erlang.org/mailman/listinfo/erlang-questions
> >
>
> --
> --
> Dipl. Inform.
> Andreas Schultz
>
> email:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140102/b4609735/attachment.htm>
More information about the erlang-questions
mailing list