[erlang-questions] Making SSL fail silently

Danil Zagoskin z@REDACTED
Fri Mar 7 11:14:32 CET 2014


Thank you!

May I help you? Test case, pull request, etc?


2014-03-07 1:39 GMT+04:00 Ingela Andin <ingela.andin@REDACTED>:

> Hi!
>
> 2014-03-06 11:50 GMT+01:00 Danil Zagoskin <z@REDACTED>:
>
>> Hello!
>>
>> My application is listening on an SSL port
>> using ssl:listen, ssl:transport_accept and ssl:ssl_accept (indeed it uses
>> some old patched mochiweb).
>> Erlang/OTP release is R16B02.
>> I use SASL for error logging.
>>
>> Due to the existence of network scanners, network errors and buggy clients
>> some connections fail to negotiate. This leads to two kinds of log
>> entries:
>>   1. "insufficient security", etc.
>>   2. Crash reports due to a function_clause error
>> in tls_v1:enum_to_oid(0) (this may not be the only one, but definitely the
>> most popular)
>>
>> First one seems to be fixed by {log_alert, false} ssl option.
>> Second one keeps flooding logs with huge state printouts.
>>
>> So, my question is: How to make all SSL-related troubles not to generate
>> error reports? Simple {error, handshake_failed} returned by one of
>> accepting functions would be enough.
>>
>>
>>
>
>
> The first option should logically be enough. I think the problem is that
> tls_v1:enum_to_oid
>  should have a try and throw a handshake alert if it fails or be ignored,
> depending on situation, i.e. be an expected error instead of an unexpected
> error.  I will create an issue to handle that.
>
> Regards Ingela  Erlang/OTP team - Ericsson AB
>


-- 
---------------------------------------------
Данил Загоскин | +7 906 064 20 47 | z@REDACTED
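
An added example, not part of the original messages and not OTP's own code: an acceptor for the R16-era API named in the thread (ssl:listen, ssl:transport_accept, ssl:ssl_accept) that sets {log_alert, false} and collapses every handshake failure into {error, handshake_failed}. The module name, function names and the certificate and key arguments are hypothetical, and it is an assumption that a crashed connection process surfaces in the caller as an exit.

```erlang
-module(quiet_ssl_accept).
-export([listen/3, accept/2]).

%% Open the listening socket with TLS alert logging turned off.
%% CertFile and KeyFile are placeholders supplied by the caller.
listen(Port, CertFile, KeyFile) ->
    ssl:listen(Port, [{certfile, CertFile},
                      {keyfile, KeyFile},
                      {reuseaddr, true},
                      {active, false},
                      {log_alert, false}]).

%% Accept one TCP connection, then run the TLS handshake on it.
%% Listener-level errors (timeout, closed) are returned unchanged.
accept(ListenSocket, Timeout) ->
    case ssl:transport_accept(ListenSocket, Timeout) of
        {ok, Socket} -> handshake(Socket, Timeout);
        {error, _} = Error -> Error
    end.

%% Any handshake failure becomes {error, handshake_failed}, so the
%% accept loop never has to pattern-match on individual alert reasons.
handshake(Socket, Timeout) ->
    try ssl:ssl_accept(Socket, Timeout) of
        ok ->
            {ok, Socket};
        {error, _Reason} ->
            catch ssl:close(Socket),
            {error, handshake_failed}
    catch
        %% Assumption: if the connection process dies (the
        %% function_clause case from the thread), the caller sees an
        %% exit. Catching it keeps the acceptor alive, but the crash
        %% report is written by the connection process itself, so it
        %% still reaches SASL until the ssl application handles it.
        exit:_ ->
            {error, handshake_failed}
    end.
```

This covers the first kind of log entry and keeps the acceptor running through the second; it does not silence the crash reports themselves.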