[erlang-questions] ERL-823: SSL cipher_suites too limited when compiling with OPENSSL_NO_EC=1
Thu Jan 3 22:24:37 CET 2019
This is a configuration problem I suggest solutions in the ERL-823.
Regards Ingela Erlang/OTP team
Den tors 3 jan. 2019 kl 21:18 skrev Nicholas Lundgaard <
> I wanted to call ERL-823 (https://bugs.erlang.org/browse/ERL-823) to this
> list's attention. My company operates Erlang microservices in AWS on a
> kerl-built OTP installation on Amazon Linux (RedHat/CentOS-based), and
> we've encountered a serious challenge to upgrading to OTP 21: When you
> disable OpenSSL EC ciphers during an OTP build, which is necessary to build
> an OTP installation that doesn't erroneously think it has a bunch of EC
> ciphers that aren't built into the underlying OpenSSL, you're no longer
> able to connect to google.com via https (not to mention many, many other
> web properties, like much of AWS infrastructure).
> It confuses me that there is not a simpler way to align the Erlang
> crypto/ssl cipher support with the underlying openssl installation it's
> linked to, but that notwithstanding, It would be really helpful to have a
> flag to build OTP with support for RedHat/Fedora's EC cipher subset, or
> something similar to this.
> —Nicholas Lundgaard
> erlang-questions mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions