[erlang-questions] Force TLS v1.2

WW kingwang98@REDACTED
Fri Apr 26 15:34:34 CEST 2019


Dialyzer warning if not export my function convert_result_and_exit/1

%%% ###=====================================================================###-spec convert_result_and_exit(any()) -> no_return().%%% ###=====================================================================###convert_result_and_exit({error, ErrReason}) when is_binary(ErrReason)-> exit({error, ErrReason});convert_result_and_exit(no_permission)-> exit(no_permission);convert_result_and_exit(_E) -> exit({error, <<"Unknown reason">>}).


got a warning from dialyzer:
1569: The variable _E can never match since previous clauses completely covered the type 'no_permission' | {'error',binary()}

Anybody has an explanation why ?   
Dialyzer   bug ?
Best regards//KW




Best Regards W.W.(KingWang) 

    On Friday, April 26, 2019, 8:26:00 AM GMT+2, Frank Muller <frank.muller.erl@REDACTED> wrote:  
 
 Small typo in ssl_client/0:_______________________________
tcp_client() ->
    {ok, TcpSock} = gen_tcp:connect("local_proxy_for_traffic_fitering", 12345, [ binary, {active, true}, {packet. 0} ]),
    ok = gen_tcp:send(TcpSocket, <<"CONNECT…">>),
    … got 200OK ...
    TcpSocket.

ssl_client() ->
  TcpSocket = tcp_client(),
  Opts = [ {verify, verify_none}, {cacertfile, "cacert.pem"}, {versions, ['tlsv1.2']} ],
  {ok, Sock} = ssl:connect(TcpSocket, Opts),   Sock.

connect() ->
      SslSocket = ssl_client(),
      ok = ssl:send("...some data...">>, SslSocket),
      …
      ok.
_______________________________



Hi guys

I’m trying to connect to a remote SSL server using a filtering Proxy in between.

First, I try to establish a normal TCP connection to this local Proxy using the CONNECT word.
Second, I upgrade the TCP socket to SSL as in this snippet code:

_______________________________
tcp_client() ->
    {ok, TcpSock} = gen_tcp:connect("local_proxy_for_traffic_filtering", 12345, [ binary, {active,true}, {packet,0} ]),
    ok = gen_tcp:send(TcpSocket, <<"CONNECT…">>),
    … got 200OK ...
    TcpSocket.

ssl_client() ->
  TcpSocket = tcp_client(),
  Opts = [ {verify, verify_none}, {cacertfile, "cacert.pem"}, {versions, ['tlsv1.2']} ],
  {ok, Sock} = ssl:connect(TcpSocket, Opts).

connect() ->
      SslSocket = ssl_client(),
      ok = ssl:send(SslSocket, <<"...some data...">>),      …
      ok.
_______________________________

When i call the ssl:send/2, the remote SSL server (I’ve no control on this server) immediately closes the connection with {error, closed}. 
Furthermore, the SSL server claims I’m using SSL v1.3 (from the logs we've got).

Questions:
a. is it the right way to establish an SSL connection via a proxy?
b. how can I really ensure I’m using SSL v1.2 and not v1.3?

My config: Erlang 21.3.5, Ubuntu 18.04 LTS, Kernel 4.4.0-grs-64 on a very restricted environment: no sudo, no direct internet access
/Frank

_______________________________________________
erlang-questions mailing list
erlang-questions@REDACTED
http://erlang.org/mailman/listinfo/erlang-questions
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20190426/de3de089/attachment.htm>


More information about the erlang-questions mailing list