[erlang-questions] Unknown error while using SSL/TLS

Ingela Andin ingela.andin@REDACTED
Thu Aug 9 09:53:47 CEST 2018


Hi!


I  believe the bug could be solved by the following patch:

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 40d974f..aa453fe 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -2555,6 +2555,8 @@ ecdsa_signed_suites(Ciphers, Version) ->

 rsa_keyed(dhe_rsa) ->
     true;
+rsa_keyed(ecdhe_rsa) ->
+    true;
 rsa_keyed(rsa) ->
     true;
 rsa_keyed(rsa_psk) ->
@@ -2618,6 +2620,8 @@ ec_keyed(ecdh_ecdsa) ->
     true;
 ec_keyed(ecdh_rsa) ->
     true;
+ec_keyed(ecdhe_ecdsa) ->
+    true;
 ec_keyed(_) ->
     false.


Regards Ingela Erlang/OTP Team






2018-08-08 14:23 GMT+02:00 Leo Liu <sdl.web@REDACTED>:

> On 2018-08-07 16:19 -0300, Amin Arria wrote:
> > I have an application using cowboy with SSL/TLS. For some reason it has
> > stopped accepting connections and giving SSL erros to the clients
> > connecting.
> >
> > The only piece of info the server gives is "TLS server: In state certify
> > received CLIENT ALERT: Fatal - Illegal Parameter" and I can't find
> anything
> > about. Do you know anything?
>
> I have to debug such an issue some weeks ago. I got a call for help near
> midnight and wasted nearly 3 hours to get it working (sort of).
>
> Something changed between OTP 20.3.2 and 20.3.8.3 that makes some
> certificates unhappy. I bypassed it by using SSL application from 20.3.2
> with OTP 20.3.8.3. There is some bug somewhere.
>
> Leo
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180809/028f66d4/attachment.htm>


More information about the erlang-questions mailing list