[erlang-questions] bug : ssl losing ciphers
Fri Apr 8 16:13:23 CEST 2016
We've been trying to restrict SSL ciphers to a secure set in Yaws / OTP
R18, but only a few of them were actually taken into account (leading to
connection issues from old browsers).
According to the documentation, one can list the availables ciphers with
Note there are 3-tuples and 4-tuples in the result.
Now, when the customised 'ciphers' SSL option is set, its content is
processed by ssl:binary_cipher_suites/2
(Beam you up :
There comes the issue : this function expects all the entries to be the
same tuple size (3 or 4) according to a matching on the first element,
losing entries from the list when they don't match the tuple size.
The patch for ssl:binary_cipher_suites/2 is trivial, but why does
ssl_cipher:suite() still returns a mixed-size of tuples since 4-tuples
seems to be considered as backward compatible according to the comments ?
More information about the erlang-questions