[erlang-questions] Different SSL behaviours, how to pick ciphers?

André Cruz andre@REDACTED
Tue Jul 12 19:51:50 CEST 2016


Hello.

I'm observing different behaviours when running my Erlang code on two Erlang 18 beam instances. One is running on my macos machine provided by home-brew, and the other comes from the erlang:18 container:

macos:

Erlang/OTP 18 [erts-7.3] [source] [64-bit] [smp:4:4] [async-threads:0] [hipe] [kernel-poll:false] [dtrace]
Eshell V7.3  (abort with ^G)

1> ssl:versions().
[{ssl_app,"7.3"},
 {supported,['tlsv1.2','tlsv1.1',tlsv1]},
 {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
2> ssl:connect("test.search.windows.net", 443,  [], infinity).
{ok,{sslsocket,{gen_tcp,#Port<0.29349>,tls_connection,
                        undefined},
               <0.109.0>}}


linux container:

Erlang/OTP 18 [erts-7.3.1] [source] [64-bit] [smp:2:2] [async-threads:0] [hipe] [kernel-poll:false]
Eshell V7.3.1  (abort with ^G)

1> ssl:versions().
[{ssl_app,"7.3.3"},
 {supported,['tlsv1.2','tlsv1.1',tlsv1]},
 {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
2> ssl:connect("test.search.windows.net", 443,  [], infinity).
{error,closed}

As can be seen I cannot establish a connection using the container version of Erlang. Looking at the traffic I can see that the ClientHello message specifies SSLv3 ciphers, while the version that works uses TLS1.2. How can I influence this choice of ciphers? Is it a problem with the openssl lib in the container image?

Thank you and best regards,
André Cruz


More information about the erlang-questions mailing list