[erlang-questions] Making SSL fail silently

Ingela Andin ingela.andin@REDACTED
Thu Mar 6 22:39:22 CET 2014


Hi!

2014-03-06 11:50 GMT+01:00 Danil Zagoskin <z@REDACTED>:

> Hello!
>
> My application is listening on an SSL port
> using ssl:listen, ssl:transport_accept and ssl:ssl_accept (indeed it uses
> some old patched mochiweb).
> Erlang/OTP release is R16B02.
> I use SASL for error logging.
>
> Due to the existence of network scanners, network errors and buggy clients,
> some connections fail to negotiate. This leads to two kinds of log
> entries:
>   1. "insufficient security", etc.
>   2. Crash reports due to a function_clause error in tls_v1:enum_to_oid(0)
> (this may be not the only one, but definitely the most popular)
>
> First one seems to be fixed by {log_alert, false} ssl option.
> Second one keeps flooding logs with huge state printouts.
>
> So, my question is: How to make all SSL-related troubles not to generate
> error reports? Simple {error, handshake_failed} returned by one of
> accepting functions would be enough.
>
>
>


The first option should logically be enough. I think the problem is that
tls_v1:enum_to_oid should have a try and throw a handshake alert if it fails
or be ignored, depending on the situation, i.e. be an expected error instead
of an unexpected error.  I will create an issue to handle that.

Regards Ingela  Erlang/OTP team - Ericsson AB
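
Added example, not part of the original thread and not OTP or mochiweb code: an acceptor that sets {log_alert, false} on the listener and reduces every failed or timed-out negotiation to {error, handshake_failed} for the caller. The module name, the serve/1 placeholder and the 5 second timeout are assumptions, and the ssl application is assumed to be started already.

```erlang
-module(quiet_tls_acceptor).
-export([start/3]).

%% Assumed value: upper bound on how long a peer may take to negotiate.
-define(HANDSHAKE_TIMEOUT, 5000).

%% CertFile and KeyFile are PEM paths supplied by the caller.
%% The calling process owns the listen socket and must stay alive.
start(Port, CertFile, KeyFile) ->
    {ok, LSock} = ssl:listen(Port, [{certfile, CertFile},
                                    {keyfile, KeyFile},
                                    {reuseaddr, true},
                                    {active, false},
                                    {log_alert, false}]), % no alert log lines
    spawn(fun() -> acceptor(LSock) end),
    {ok, LSock}.

acceptor(LSock) ->
    case ssl:transport_accept(LSock) of
        {ok, Sock} ->
            %% Hand accepting over first, so a scanner that stalls the
            %% handshake only ties up this one process.
            spawn(fun() -> acceptor(LSock) end),
            case handshake(Sock) of
                ok -> serve(Sock);
                {error, handshake_failed} -> ok   % drop the peer quietly
            end;
        {error, closed} ->
            ok;                                   % listener was closed
        {error, _Reason} ->
            acceptor(LSock)
    end.

%% Every negotiation failure, timeout or exception becomes one error term.
handshake(Sock) ->
    try ssl:ssl_accept(Sock, ?HANDSHAKE_TIMEOUT) of
        ok -> ok;
        {error, _Reason} -> fail(Sock)
    catch
        _:_ -> fail(Sock)
    end.

fail(Sock) ->
    catch ssl:close(Sock),
    {error, handshake_failed}.

%% Hypothetical placeholder for the application's own connection handler.
serve(Sock) ->
    ssl:send(Sock, <<"ok\n">>),
    ssl:close(Sock).
```

This only normalizes what the accepting code sees; crash reports produced inside the ssl application, such as the tls_v1:enum_to_oid one discussed above, are not affected by it.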