[erlang-questions] Force TLS v1.2

Frank Muller frank.muller.erl@REDACTED
Fri Apr 26 08:22:57 CEST 2019


Hi guys

I’m trying to connect to a remote SSL server using a filtering Proxy in
between.

First, I try to establish a normal TCP connection to this local Proxy using
the CONNECT word.

Second, I upgrade the TCP socket to SSL as in this code snippet:

_______________________________
tcp_client() ->
    {ok, TcpSocket} = gen_tcp:connect("local_proxy_for_traffic_filtering", 12345,
                                      [ binary, {active,true}, {packet,0} ]),

    ok = gen_tcp:send(TcpSocket, <<"CONNECT…">>),
    %% … got 200OK ...
    TcpSocket.

ssl_client() ->
  TcpSocket = tcp_client(),
  Opts = [ {verify, verify_none}, {cacertfile, "cacert.pem"},
           {versions, ['tlsv1.2']} ],
  %% Upgrade the already connected TCP socket and return the TLS socket itself
  {ok, Sock} = ssl:connect(TcpSocket, Opts),
  Sock.

connect() ->
      SslSocket = ssl_client(),
      ok = ssl:send(SslSocket, <<"...some data...">>),
      %% …
      ok.
_______________________________

When I call ssl:send/2, the remote SSL server (I’ve no control over this
server) immediately closes the connection with {error, closed}.

Furthermore, the SSL server claims I’m using SSL v1.3 (from the logs we've
got).

Questions:
a. is it the right way to establish an SSL connection via a proxy?

b. how can I really ensure I’m using SSL v1.2 and not v1.3?


My config: Erlang 21.3.5, Ubuntu 18.04 LTS, Kernel 4.4.0-grs-64 on a very
restricted environment: no sudo, no direct internet access

/Frank
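
Added example, not part of the original post: one way to open the CONNECT tunnel, upgrade the socket with TLS pinned to 1.2, and then read the negotiated version back from the connection instead of relying on the peer's logs. The module name, function names and arguments are hypothetical; it uses verify_peer with server_name_indication, where the post uses verify_none, so that the cacertfile is actually used to validate the server.

```erlang
-module(proxy_tls12).
-export([connect/4]).

%% Added example. ProxyHost, ProxyPort, Host (a string) and Port are
%% caller-supplied; all names in this module are hypothetical.
connect(ProxyHost, ProxyPort, Host, Port) ->
    {ok, _} = application:ensure_all_started(ssl),
    %% Passive mode keeps the proxy's reply out of the process mailbox;
    %% {packet, http_bin} lets the driver parse the HTTP status line.
    {ok, Tcp} = gen_tcp:connect(ProxyHost, ProxyPort,
                                [binary, {active, false}, {packet, http_bin}], 5000),
    Target = [Host, ":", integer_to_list(Port)],
    ok = gen_tcp:send(Tcp, ["CONNECT ", Target, " HTTP/1.1\r\n",
                            "Host: ", Target, "\r\n\r\n"]),
    case gen_tcp:recv(Tcp, 0, 5000) of
        {ok, {http_response, _Vsn, 200, _Reason}} ->
            ok = skip_headers(Tcp),
            %% Back to raw bytes before the TLS handshake starts.
            ok = inet:setopts(Tcp, [{packet, raw}]),
            upgrade(Tcp, Host);
        Other ->
            gen_tcp:close(Tcp),
            {error, {proxy_refused, Other}}
    end.

%% Consume the proxy's response headers up to the empty line.
skip_headers(Tcp) ->
    case gen_tcp:recv(Tcp, 0, 5000) of
        {ok, http_eoh} -> ok;
        {ok, {http_header, _, _, _, _}} -> skip_headers(Tcp);
        Other -> {error, Other}
    end.

upgrade(Tcp, Host) ->
    Opts = [{versions, ['tlsv1.2']},            % offer TLS 1.2 only
            {verify, verify_peer},
            {cacertfile, "cacert.pem"},         % same file name as in the post
            {server_name_indication, Host}],    % SNI and hostname check
    case ssl:connect(Tcp, Opts, 5000) of
        {ok, Tls} ->
            %% Ask the ssl application which version was negotiated.
            {ok, [{protocol, Vsn}]} = ssl:connection_information(Tls, [protocol]),
            case Vsn of
                'tlsv1.2' -> {ok, Tls};
                _ -> ssl:close(Tls), {error, {unexpected_version, Vsn}}
            end;
        {error, Reason} ->
            gen_tcp:close(Tcp),
            {error, {tls_handshake, Reason}}
    end.
```

A handshake failure is returned as {error, {tls_handshake, Reason}}, which separates a TLS-level rejection from a proxy refusal before any ssl:send/2 is attempted.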