[erlang-questions] Different SSL behaviours, how to pick ciphers?
André Cruz
andre@REDACTED
Tue Jul 12 19:51:50 CEST 2016
Hello.
I'm observing different behaviours when running my Erlang code on two Erlang 18 beam instances. One is running on my macos machine provided by home-brew, and the other comes from the erlang:18 container:
macos:
Erlang/OTP 18 [erts-7.3] [source] [64-bit] [smp:4:4] [async-threads:0] [hipe] [kernel-poll:false] [dtrace]
Eshell V7.3 (abort with ^G)
1> ssl:versions().
[{ssl_app,"7.3"},
{supported,['tlsv1.2','tlsv1.1',tlsv1]},
{available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
2> ssl:connect("test.search.windows.net", 443, [], infinity).
{ok,{sslsocket,{gen_tcp,#Port<0.29349>,tls_connection,
undefined},
<0.109.0>}}
linux container:
Erlang/OTP 18 [erts-7.3.1] [source] [64-bit] [smp:2:2] [async-threads:0] [hipe] [kernel-poll:false]
Eshell V7.3.1 (abort with ^G)
1> ssl:versions().
[{ssl_app,"7.3.3"},
{supported,['tlsv1.2','tlsv1.1',tlsv1]},
{available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
2> ssl:connect("test.search.windows.net", 443, [], infinity).
{error,closed}
As can be seen I cannot establish a connection using the container version of Erlang. Looking at the traffic I can see that the ClientHello message specifies SSLv3 ciphers, while the version that works uses TLS1.2. How can I influence this choice of ciphers? Is it a problem with the openssl lib in the container image?
Thank you and best regards,
André Cruz
More information about the erlang-questions
mailing list