[erlang-questions] Cowboy SSL issues with Chrome/FF

James Lyons <>
Fri Jan 10 17:41:08 CET 2014


Ingela, Andreas,  
 
 Thanks for your responses. I actually just found someone else who asked the same question a week ago (which Andreas answered), sorry for the duplication. New to the mailing list. 

http://erlang.org/pipermail/erlang-questions/2014-January/076385.html

Thanks! 

-- 
James Lyons


On Friday, January 10, 2014 at 4:35 AM, Andreas Schultz wrote:

> Hi,
> 
> Also, R16B03 will attempt to use a curve in ECDHE exchanges that is not
> supported by Chrome. Either exclude all ECDHE ciphers from the cipher list
> or apply the change from https://github.com/erlang/otp/pull/183
> 
> Andreas
> 
> ----- Original Message -----
> > Hi!
> > 
> > This is problem is resolved in the latest version of the ssl application. The
> > reason it works with some browser and not with others is that some browsers
> > does not correctly ignore unknown ssl hello extensions, and the erlang ssl
> > application sent an incorrect extension (which of course it should not) but
> > a correct SSL/TLS implementation will ignored it!
> > 1.1 SSL 5.3.2
> > Fixed Bugs and Malfunctions
> > 
> > 
> > *
> > 
> > Honors the clients advertised support of elliptic curves and no longer sends
> > incorrect elliptic curve extension in server hello.
> > 
> > Own Id: OTP-11370
> > 
> > Regards Ingela Erlang/OTP team - Ericsson AB
> > 
> > 
> > 2014/1/9 James Lyons <  (mailto:) >
> > 
> > 
> > 
> > Using certificates from StartSSL and GoGetSSL, cowboy site fails to load on
> > Chrome v31 with "ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED" on mac & ubuntu and
> > FF v26 with "Error code: sec_error_invalid_key" on mac and ubuntu.
> > 
> > Site will load in Safari properly and certificate shows as valid.
> > 
> > Anyone seen this behavior before?
> > 
> > Thanks!
> > 
> > --
> > James Lyons
> > 
> > 
> > _______________________________________________
> > erlang-questions mailing list
> >  (mailto:)
> > http://erlang.org/mailman/listinfo/erlang-questions
> > 
> > 
> > 
> > _______________________________________________
> > erlang-questions mailing list
> >  (mailto:)
> > http://erlang.org/mailman/listinfo/erlang-questions
> > 
> 
> 
> -- 
> -- 
> Dipl. Inform.
> Andreas Schultz
> 
> email:  (mailto:)
> phone: +49-391-819099-224
> mobil: +49-170-2226073
> 
> ------------------- enabling your networks -------------------
> 
> Travelping GmbH phone: +49-391-819099229
> Roentgenstr. 13 fax: +49-391-819099299
> D-39108 Magdeburg email:  (mailto:)
> GERMANY web: http://www.travelping.com
> 
> Company Registration: Amtsgericht Stendal Reg No.: HRB 10578
> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
> --------------------------------------------------------------
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140110/ce63a203/attachment.html>


More information about the erlang-questions mailing list