[erlang-questions] TLS cipher suite with Galois Counter Mode (GCM)

John Foldager <>
Wed Sep 9 09:37:48 CEST 2015


 Output from that command gives:

ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH
Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD

As Danil mentioned we need to upgrade Erlang to OTP 18, but then we
must first verify if RabbitMQ is supported on that Erlang version.

Thanks!

On Tue, Sep 8, 2015 at 2:05 PM, Tuncer Ayaz <> wrote:
> On Tue, Sep 8, 2015 at 1:58 PM, John Foldager wrote:
>> We're using RabbitMQ and now have a request for supporting the
>> following cipher suites:
>>
>>     TLS_RSA_WITH_AES_128_GCM_SHA256 (0X009C)
>>     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  (0XC02F)
>>     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0X009E)
>>     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0XC02B)
>>
>> However, if we use the following commands from the Erlang CLI we
>> don't see these cipher suites:
>>
>>     io:format("~p", [ssl:cipher_suites(openssl)]).
>>     io:format("~p", [ssl:cipher_suites(erlang)]).
>>
>> So how can we make these cipher suites available to Erlang.... and
>> then RabbitMQ that runs on top of Erlang?
>
> To rule out the obvious and assuming there's no difference in the
> OpenSSL install between the build and deploy host, does openssl
> list it as available?
>
> $ openssl ciphers -v|grep AES128-GCM-SHA256


More information about the erlang-questions mailing list