[erlang-questions] bug : ssl losing ciphers

Nicolas Thauvin nthauvin@REDACTED
Fri Apr 8 16:13:23 CEST 2016


  We've been trying to restrict SSL ciphers to a secure set in Yaws / OTP  
R18, but only a few of them were actually taken into account (leading to  
connection issues from old browsers).

According to the documentation, one can list the availables ciphers with  
For example:


Note there are 3-tuples and 4-tuples in the result.

Now, when the customised 'ciphers' SSL option is set, its content is  
processed by ssl:binary_cipher_suites/2

(Beam you up :  

There comes the issue : this function expects all the entries to be the  
same tuple size (3 or 4) according to a matching on the first element,  
losing entries from the list when they don't match the tuple size.

The patch for ssl:binary_cipher_suites/2 is trivial, but why does  
ssl_cipher:suite() still returns a mixed-size of tuples since 4-tuples  
seems to be considered as backward compatible according to the comments ?


-- Nicolas

More information about the erlang-questions mailing list