[erlang-questions] SSL handshake failure

Technion <>
Wed Dec 21 09:38:20 CET 2016


Hi Justin,


Is this earlier discussion relevant:


http://erlang.org/pipermail/erlang-questions/2016-November/090780.html




________________________________
From:  <> on behalf of Justin Wood <>
Sent: Wednesday, 21 December 2016 11:56 AM
To: 
Subject: [erlang-questions] SSL handshake failure

Hi there,

I am attempting to use the ssl module in order to get a socket to a remote server (MongoDB). I am using the following line of code (OTP 19)

ssl:connect("my-server.net<http://my-server.net>", 27017, [binary, {active, false}, {packet, raw}], 5000).

Whenever I use this, I get the following:

=ERROR REPORT==== 20-Dec-2016::19:13:13 ===
SSL: certify: tls_connection.erl:603:Fatal error: handshake failure - malformed_handshake
{error,{tls_alert,"handshake failure"}}

Which lead me to look into erlang:get_stacktrace/0

erlang:get_stacktrace().
[{tls_connection,start_fsm,8,
                 [{file,"tls_connection.erl"},{line,79}]},
 {ssl_connection,connect,8,
                 [{file,"ssl_connection.erl"},{line,84}]},
 {erl_eval,do_apply,6,[{file,"erl_eval.erl"},{line,674}]},
 {shell,exprs,7,[{file,"shell.erl"},{line,686}]},
 {shell,eval_exprs,7,[{file,"shell.erl"},{line,641}]},
 {shell,eval_loop,3,[{file,"shell.erl"},{line,626}]}]

My problem is that the certificate that the server is using should be legitimate. I can connect, without error, using other clients and languages.

I took a look through Wireshark in order to try and figure out what is going on and this is what I see.

* The Client says hello and presents a list of cipher suites.
* The Server says hello and says that it wants to use TLS_RSA_WITH_AES_256_GCM_SHA384 (This cipher is in the list that the client sends)
* The Server sends the Client the certificates it is using (these both appear to be signed by DigiCert).
* The Server sends an encrypted handshake message.
* The Client responds with a Fatal Alert stating a Handshake Failure.
* The Server sends another encrypted handshake message.

I have verified that ssl:connect/4 is working fine as I can connect to a number of different miscellaneous services (including a number of other MongoDB instances).

I was wondering if there is anything else I can do to try and figure out why erlang does not allow this connection.

Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20161221/c6873cce/attachment.html>


More information about the erlang-questions mailing list