[erlang-questions] Erlang/OTP 20.3 has been released

Ingela Andin ingela.andin@REDACTED
Thu Mar 15 10:45:01 CET 2018


Hi!

This might be an interop problem due to AEAD cipher suites wrongly being
filtered out.
Could you please try the following patch?

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 62a172c..59cf05f 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -2175,6 +2175,8 @@ is_acceptable_cipher(Cipher, Algos) ->

 is_acceptable_hash(null, _Algos) ->
     true;
+is_acceptable_hash(aead, _Algos) ->
+    true;
 is_acceptable_hash(Hash, Algos) ->
     proplists:get_bool(Hash, Algos).



Regards Ingela Erlang/OTP team - Ericsson AB



2018-03-15 10:02 GMT+01:00 Ingela Andin <ingela.andin@REDACTED>:

> Hi!
>
> If this is a bug is hard to tell form the information you provided. Do you
> have any Erlang log printouts? Can you give me a way to reproduce it? If
> you have more information that you do not want to share publicly you can
> send
> me a private mail.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
> 2018-03-14 17:02 GMT+01:00 Wes James <comptekki@REDACTED>:
>
>> With this version I am now getting ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
>> when going to my https cowboy app in chrome Version 65.0.3325.162 and a
>> similar error in firefox.  My app uses a self-signed certificate.  It works
>> fine with otp 20.2.4. Is there a way to fix this for self-signed certs?  I
>> tried a few things suggested on some web searches, but I still get the same
>> error.  For one, I tried adding the cert to the system keychain on my mac
>> and selected always trust.  If this is a bug, let me know and I'll report
>> it in the tracker.
>>
>> Thanks,
>>
>> -wes
>>
>> On Wed, Mar 14, 2018 at 3:46 AM, Henrik Nord X <
>> henrik.x.nord@REDACTED> wrote:
>>
>>> Erlang/OTP 20.3 is the third service release for the 20 major release.
>>> The service release contains mostly bug fixes and characteristics
>>> improvements but also some new features.
>>>
>>> Some highlights for 20.3
>>>
>>>
>>> Application(s): ssl
>>>
>>>                Added new API functions to facilitate cipher suite
>>>                handling
>>>
>>> Application(s): erts, observer
>>>
>>>                More crash dump info such as: process binary virtual
>>>                heap stats, full info for process causing out-of-mem
>>>                during GC, more port related info, and dirty scheduler
>>>                info.
>>>
>>>
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180315/3e34c9bb/attachment.htm>


More information about the erlang-questions mailing list