Erlang OTP 23.0-rc2 is available for testing

Loïc Hoguin essen@REDACTED
Thu Mar 26 10:23:15 CET 2020


Hello,

Under a specific configuration of ssl we are getting the following 
system reports:

*** System report during acceptor_SUITE:ssl_sni_echo/1 in ssl 2020-03-25 
18:27:00.926 ***
=NOTICE REPORT==== 25-Mar-2020::18:27:00.926666 ===
TLS server: In state hello at tls_handshake.erl:231 generated SERVER 
ALERT: Fatal - Handshake Failure
  - malformed_handshake_data

*** System report during acceptor_SUITE:ssl_sni_echo/1 in ssl 2020-03-25 
18:27:00.935 ***
=NOTICE REPORT==== 25-Mar-2020::18:27:00.935747 ===
TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure

The server configuration is [{sni_hosts, [{"localhost", Opts}]}] where 
Opts has cert/key self-generated (using the old erl_make_certs) and also 
contains {versions, ['tlsv1.2']}.

The client has no particular configuration.

Forcing the client to use TLS 1.2 "fixes" the problem. Tests that do not 
use sni_hosts but are otherwise configured the same do not have this issue.

This is the relevant test triggering this issue: 
https://github.com/ninenines/ranch/blob/master/test/acceptor_SUITE.erl#L596

If this is an actual bug and not my misunderstanding I can open a ticket.

Note that we've restricted the server to TLS 1.2 to fix other issues 
that I do not believe to be bugs in ssl. I haven't investigated it but 
since it gets us insufficient security errors and that the 
self-generated certificates use insecure algorithms I'm guessing it's 
probably the issue. We will switch from erl_make_certs to the more 
modern approach of generating certificates for tests in a future release.

Cheers,

On 25/03/2020 15:24, Kenneth Lundin wrote:
> 
>     OTP 23 Release Candidate 2
> 
> This is the second of three planned release candidates before the OTP 23 
> release.
> The intention with this release is to get feedback from our users. All 
> feedback is welcome, even if it is only to say that it works for you.
> 
> Erlang/OTP 23 is a new major release with new features, improvements as 
> well as a few incompatibilities.
> 
> 
>       Potential Incompatibilities
> 
>   * SSL:
>       o Support for SSL 3.0 is completely removed.
>       o TLS 1.3 is added to the list of default supported versions.
>   * |erl_interface|: Removed the deprecated parts of |erl_interface|
>     (|erl_interface.h| and essentially all C functions with prefix |erl_|).
>   * The deprecated |erlang:get_stacktrace/0| BIF now returns an empty
>     list instead of a stacktrace.
>     |erlang:get_stacktrace/0| is scheduled for removal in OTP 24.
>   * ...
> 
> 
>       Highlights (rc2)
> 
>   * ssh:
>       o OpenSSH 6.5 introduced a new file representation of
>         keys called |openssh-key-v1|. This is now supported with the
>         exception of
>         handling encrypted keys.
>       o Algorithm configuration could now be done in a .config file.
>         This is useful for example to enable an algorithm that
>         is disabled by default without need to change the code.
>   * ssl:
>       o Support for the middlebox compatibility mode makes the TLS 1.3
>         handshake
>         look more like a TLS 1.2 handshake and increases the chance of
>         successfully
>         establishing TLS 1.3 connections through legacy middleboxes.
>       o Add support for key exchange with Edward curves and PSS-RSA
>         padding in
>         signature verification
>   * The possibility to run Erlang distribution without
>     relying on EPMD has been extended. To achieve this a
>     couple of new options to the inet distribution has been
>     added.
>       o |-dist_listen false| Setup the distribution
>         channel, but do not listen for incoming connection.
>       o |-erl_epmd_port Port| Configure a default port that
>         the built-in EPMD client should return.
>       o ...
>   * A first EXPERIMENTAL |socket| backend to
>     |gen_tcp| and |inet| has been implemented. |gen_udp| and
>     |gen_sctp| will follow.
>     Putting |{inet_backend, socket}| as first option to |listen()| or
>     |connect()| makes it easy to try this for
>     existing code
> 
> 
>       Highlights (rc1)
> 
>   * A new module |erpc| in kernel which implements an enhanced subset of
>     the operations provided by the |rpc| module. Enhanced in the sense
>     that it makes it possible to distinguish between returned value,
>     raised exceptions and other errors. |erpc| also has better
>     performance and scalability than the original |rpc| implementation.
>     This by utilizing the newly introduced |spawn_request()| BIF. Also
>     the |rpc| module benefits from these improvements by utilizing
>     |erpc| when possible.
>   * Scalability and performance Improvements plus new functionality
>     regarding distributed spawn operations.
>   * In binary matching, the size of the segment to be matched is now
>     allowed to be a guard expression (EEP-52)
>   * When matching with maps the keys can now be guard expressions (EEP-52).
>   * ssh: support for TCP/IP port forwarding, a.k.a tunneling a.k.a as
>     tcp-forward/direct-tcp is implemented. In the OpenSSH client, this
>     corresponds to the options -L and -R.
>   * Allow underscores in numeric literals to improve readability.
>     Examples: |123_456_789|, |16#1234_ABCD|.
>   * New functions in the shell for displaying documentation for Erlang
>     modules, functions and types. The
>     functions are:
>       o |h/1,2,3| -- Print the documentation for a |Module:Function/Arity|.
>       o |ht/1,2,3| -- Print the type documentation for a
>         |Module:Type/Arity|.
>         The embedded documentation is created as docchunks (EEP 48) when
>         building the Erlang/OTP documentation.
>   * kernel: The module |pg| with a new implementation of distributed
>     named process groups is introduced. The old module |pg2| is
>     deprecated and scheduled for removal in OTP 24.
>   * Our tool chain for building the Windows packages is upgraded with
>     new C++ compiler, Java compiler, OpenSSL libraries and wxWidgets
>     versions. We are now using WSL (the Linux Subsystem for Windows when
>     building) which makes it easier to handle the build environment.
>   * ...
> 
> For more details see
> http://erlang.org/download/otp_src_23.0-rc2.readme
> 
> Pre built versions for Windows can be fetched here:
> http://erlang.org/download/otp_win32_23.0-rc2.exe
> http://erlang.org/download/otp_win64_23.0-rc2.exe
> 
> Online documentation can be browsed here:
> http://erlang.org/documentation/doc-11.0-rc2/doc
> The Erlang/OTP source can also be found at GitHub on the official Erlang 
> repository,
> https://github.com/erlang/otp
> 

-- 
Loïc Hoguin
https://ninenines.eu


More information about the erlang-questions mailing list