[erlang-questions] Erlang/OTP 21.0-rc1 (Release Candidate)
Loïc Hoguin
essen@REDACTED
Thu May 3 18:08:07 CEST 2018
Hello,
On 05/03/2018 01:54 PM, Loïc Hoguin wrote:
> * SSL is broken. See [1] for example. I can see the same thing happening
> on 5 different Linux distributions (with different OpenSSL versions) and
> on OSX. A quick try in the shell is not much better:
OK it's just a very misleading error message I think.
Switching my server's test keys from RSA to DSA fixes it so I think this
issue is caused by:

    OTP-14769 Application(s): ssl
    For security reasons RSA-key exchange cipher suites are
    no longer supported by default

Still, it probably should provide a more helpful error message than this:

    *** System report during acceptor_SUITE:ssl_echo/1 in ssl 2018-05-03 11:13:04.343 ***
    =INFO REPORT==== 3-May-2018::11:13:04.342940 ===
    TLS server: In state hello at tls_handshake.erl:130 generated SERVER ALERT: Fatal - Handshake Failure - malformed_handshake_data

    *** System report during acceptor_SUITE:ssl_echo/1 in ssl 2018-05-03 11:13:04.348 ***
    =INFO REPORT==== 3-May-2018::11:13:04.348265 ===
    TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure

"malformed_handshake_data" sounds like the client would have sent a
malformed handshake, i.e. bad data, when the actual issue seems to be that
the certificate configured is no longer supported. The server generating
an alert about its own certificate doesn't sound quite right either.
That being said I do not really know the intent so I'm guessing a bit.
All I know for sure is that it's confusing.
Cheers,
--
Loïc Hoguin
https://ninenines.eu