[erlang-questions] Different SSL behaviours, how to pick ciphers?

André Cruz andre@REDACTED
Wed Jul 13 17:27:22 CEST 2016


Hello Fred.

> On 13 Jul 2016, at 14:41, Fred Hebert <mononcqc@REDACTED> wrote:
> 
> On 07/12, André Cruz wrote:
>> As can be seen I cannot establish a connection using the container version of Erlang. Looking at the traffic I can see that the ClientHello message specifies SSLv3 ciphers, while the version that works uses TLS1.2. How can I influence this choice of ciphers? Is it a problem with the openssl lib in the container image?
>> 
> 
> You should at the very least have some basic configuration of SSL in Erlang -- the one that ships stock isn't particularly great.

I've found the difference in the default SSL configuration between 18.3.1 and 18.3.2.

18.3.1 uses TLS1.2 records:

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 279


18.3.2 uses SSL records:

SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 249

It's strange to change this default in a minor version upgrade. Is this something that can be configured? I've found that some SSL servers drop the connection immediately when SSL records are used.

Thanks,
André
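
Added example (not part of the original message): a small parser that compares two captured ClientHello records field by field, covering the record-layer version and length shown in the dumps above plus the ClientHello version and offered cipher suites. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Wire values of the protocol version field (record layer and ClientHello).
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(data: bytes) -> dict:
    """Parse one record carrying a complete ClientHello; ValueError otherwise."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len:
        raise ValueError("not a complete handshake record")
    if len(body) < 4 or body[0] != 1:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    pos = 34 + 1 + hello[34]          # client_version(2) + random(32) + session_id
    if pos + 2 > len(hello):
        raise ValueError("truncated ClientHello")
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    raw = hello[pos + 2:pos + 2 + cs_len]
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("bad cipher suite list")
    return {
        "record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
        "record_length": rec_len,
        "hello_version": VERSIONS.get(int.from_bytes(hello[:2], "big"), "unknown"),
        "cipher_suites": [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)],
    }

def diff_hellos(a: dict, b: dict) -> dict:
    """Return only the fields whose values differ between two parsed hellos."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def build_sample(hello_ver: int, suites: list) -> bytes:
    """Constructed test input: minimal ClientHello in a record with version 0x0301."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = hello_ver.to_bytes(2, "big") + bytes(32) + b"\x00"
    hello += len(cs).to_bytes(2, "big") + cs + b"\x01\x00"   # null compression only
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    a = parse_client_hello(build_sample(0x0303, [0xC02F, 0x002F]))
    b = parse_client_hello(build_sample(0x0303, [0x002F, 0x000A]))
    print(diff_hellos(a, b))
```

Feeding it the raw record bytes exported from each capture shows which fields actually differ on the wire between the two Erlang versions.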

