[erlang-questions] ERL-823: SSL cipher_suites too limited when compiling with OPENSSL_NO_EC=1

Fred Hebert mononcqc@REDACTED
Fri Jan 4 17:32:02 CET 2019


On 01/04, Ingela Andin wrote:
>Hi again!
>
>Maybe I should add that using filters where you can access each logical
>part of the cipher suite is a more powerful way to customize cipher suites
>than regular expressions over complex strings.
>Also see ssl User Guide http://erlang.org/doc/search/?q=ssl&x=0&y=0 section
>3.2
>

Agreed, it's more powerful.

But when working with established teams and policies, having a unique 
format just for Erlang tends to be problematic as non-standard. In some 
places where I've been, if you can't get the security team to approve 
the list, you are not greenlit to go to prod.

It's much, much simpler to work with non-erlang folks when we have a way 
to more easily communicate and review the lists -- mostly there may just 
be a list that will be adopted by all stacks, whether they're Erlang, 
Go, C#, ruby, or servers like nginx, and so on.

At least getting the direct mapping between both can be very useful to 
validate filtering rules and everything else :)



More information about the erlang-questions mailing list