[erlang-questions] TLS errors

Ingela Andin <>
Wed Sep 2 08:59:24 CEST 2015


Hi!

This I suspect is because of of ssl in OTP 18 no longer supports legacy
insecure ciphers and SSL/TLS versions by default. If needed
for interoperability they can still be configured.

>From the release notes:

"Remove default support for SSL-3.0, due to Poodle vunrability in protocol
specification.

Add padding check for TLS-1.0 to remove Poodle vunrability from TLS 1.0,
also add the option padding_check. This option only affects TLS-1.0
connections and if set to false it disables the block cipher padding check
to be able to interoperate with legacy software.

Remove default support for RC4 cipher suites, as they are consider too
weak."

2015-09-01 18:44 GMT+02:00 Roberto Ostinelli <>:

> Dear all,
> I'm using SSL with Cowboy and I keep on getting these kind of errors in
> the logs:
>
> SSL: hello: tls_handshake.erl:167:Fatal error: insufficient security
>

Could not find any common algorithms



> SSL: hello: tls_handshake.erl:174:Fatal error: protocol version
>

No accetable TLS protocol version



> SSL: certify: ssl_alert.erl:93:Fatal error: bad certificate
> SSL: hello: tls_handshake.erl:118:Fatal error: inappropriate fallback
>

Prevention of Poodle



> SSL: cipher: ssl_cipher.erl:292:Fatal error: bad record mac
>
> I've started seeing those after I've upgraded to Erlang 18.0.2. This
> wasn't happening in 17.5.
>
> Has anyone seen this, and has clues for me to pinpoint what the problem is?
> Also, is there anyway for me to recover the originating IP address?
>
> Any help appreciated.
>
>
Regards Ingela Erlang/OTP team - Ericsson AB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150902/ded9531a/attachment.html>


More information about the erlang-questions mailing list