[erlang-questions] Erlang/OTP 21.0-rc1 (Release Candidate)
Roger Lipscombe
roger@REDACTED
Fri May 4 12:25:19 CEST 2018
On 4 May 2018 at 08:32, Ingela Andin <ingela.andin@REDACTED> wrote:
> This error is consistent with one of the errors I am seeing in the nightly
> builds when running OpenSSL with only default parameters so I suspect
> something is off in combination version negotiation and cipher suite
> selection checks. I am looking into it!
I'm seeing the same, if it helps to reproduce. I generated my certificates with:
#!/bin/sh
# Create the CA key and certificate.
openssl genrsa -out ca.key 2048
openssl req -new -x509 -nodes -key ca.key -days 3653 -out ca.pem \
    -subj "/CN=Test CA"
# Create the server key and CSR.
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -subj "/CN=localhost"
# Sign the CSR with the CA key.
serial=$(date +"%s")
openssl x509 -req -days 3563 -CA ca.pem -CAserial "$serial" \
    -CAcreateserial -CAkey ca.key -in server.csr -out server.pem
rm "$serial"
I tested with:
% Server
{ok, _} = application:ensure_all_started(ssl).
Port = 11002.
LOpts = [{certfile, "server.pem"}, {keyfile, "server.key"}].
{ok, LSock} = ssl:listen(Port, LOpts).
{ok, CSock} = ssl:transport_accept(LSock).
ok = ssl:ssl_accept(CSock).
% Client
{ok, _} = application:ensure_all_started(ssl).
Port = 11002.
COpts = [{verify, verify_peer}, {cacertfile, "ca.pem"}].
{ok, Sock} = ssl:connect("localhost", Port, COpts).
The server reports:
=INFO REPORT==== 4-May-2018::11:22:20.971130 ===
TLS server: In state hello at tls_handshake.erl:130 generated SERVER
ALERT: Fatal - Handshake Failure - malformed_handshake_data
** exception error: no match of right hand side value
{error,{tls_alert,"handshake failure"}}
The client reports:
=INFO REPORT==== 4-May-2018::11:22:20.981524 ===
TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure
** exception error: no match of right hand side value
{error,{tls_alert,"handshake failure"}}
The same code works fine with 20.3.1.
Thanks,
Roger.