[erlang-questions] New SSL option to set TLS record version?

Ingela Andin ingela.andin@REDACTED
Wed May 16 12:05:09 CEST 2018


Hi!

It would be thinkable to have such an option for introp reasons. PR are
welcome.

Regards Ingela Erlang/OTP Team - Ericsson AB

2018-05-09 17:30 GMT+02:00 Ryan Stewart <zzantozz@REDACTED>:

> I've run across a faulty SSL server implementation that appears to send a
> "handshake failure" alert if the ClientHello protocol version isn't equal
> to the TLS record version. In Erlang, different major versions choose the
> TLS record version differently. None of them are wrong according the TLS
> spec, but some of them break when I'm trying to connect to these bad server
> implementations.
>
> What do you think of adding a new ssl_option like "client_hello_tls_record_version"
> to let us explicitly set the version to be used? Ideally, it would support
> values like 'tlsv1', 'tlsv1_2', 'lowest', 'highest', and
> 'same_as_client_hello', for example.
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180516/f5193a5b/attachment.htm>


More information about the erlang-questions mailing list