[erlang-questions] Force TLS v1.2

Frank Muller frank.muller.erl@REDACTED
Fri Apr 26 08:22:57 CEST 2019

Hi guys

I’m trying to connect to a remote SSL server using a filtering Proxy in

First, I try to establish a normal TCP connection to this local Proxy using
the CONNECT word.

Second, I upgrade the TCP socket to SSL as in this snippet code:

tcp_client() ->
    {ok, TcpSock} = gen_tcp:connect("local_proxy_f
or_traffic_filtering", 12345, [ binary, {active,true}, {packet,0} ]),

    ok = gen_tcp:send(TcpSocket, <<"CONNECT…">>),
    … got 200OK ...

ssl_client() ->
  TcpSocket = tcp_client(),
  Opts = [ {verify, verify_none}, {cacertfile, "cacert.pem"}, {versions,
['tlsv1.2']} ],
  {ok, Sock} = ssl:connect(TcpSocket, Opts).

connect() ->
      SslSocket = ssl_client(),
      ok = ssl:send(SslSocket, <<"...some data...">>),

When i call the ssl:send/2, the remote SSL server (I’ve no control on this
server) immediately closes the connection with {error, closed}.

Furthermore, the SSL server claims I’m using SSL v1.3 (from the logs we've

a. is it the right way to establish an SSL connection via a proxy?

b. how can I really ensure I’m using SSL v1.2 and not v1.3?

My config: Erlang 21.3.5, Ubuntu 18.04 LTS, Kernel 4.4.0-grs-64 on a very
restricted environment: no sudo, no direct internet access

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20190426/b77eb4f5/attachment.htm>

More information about the erlang-questions mailing list