<div dir="ltr">Hi Christopher!<div><br></div><div>Would it be possible for you to create an example self-signed cert that fails and that you could send to me?</div><div><br></div><div>Regards Ingela Erlang/OTP team - Ericsson AB<br>
<div class="gmail_extra"><br><br><div class="gmail_quote">2013/10/4 Christopher Meiklejohn <span dir="ltr"><<a href="mailto:cmeiklejohn@basho.com" target="_blank">cmeiklejohn@basho.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Ingela,<br>
<br>
We've also been experiencing what seems to be the same problem using self-signed certificates. I've verified that the same certificates, while producing a CA certificate error in R15B03 works, but fails to connect in R16B02 with no error in any logs.<br>
<br>
- Chris<br>
<br>
--<br>
Christopher Meiklejohn<br>
Software Engineer<br>
Basho Technologies, Inc.<br>
<div class="im"><br>
<br>
<br>
On Friday, October 4, 2013 at 2:44 AM, Ingela Andin wrote:<br>
<br>
> Hi Wes!<br>
><br>
> I have heard from several sources that they have problems connecting with Firefox and Chrome<br>
> when Elliptic curve cipher suites are enabled. Elliptic curve ciphers where first supported at all in R16 and are by default enabled, although will not be used if the client does not claim to be able to use them.<br>
> It does seem though that other clients can connect like curl, s_client (openssl), some python client and now opera. I also know that some ECC ciphers are broken in openssl version 1.0.0 and 1.0.0.a.<br>
> So it seems like it is a client problem that you may workaround by disabling Elliptic Curve cipher suites<br>
> until the clients get fixed. Also R16B02 fixes an ECC bug so R16B will not be better then R16B02, going<br>
> back to R15 will work as the ECC ciphers where not supported at all, but I can see other reasons you would not want to do that.<br>
><br>
> Regards Ingela Erlang/OTP team - Ericsson AB<br>
><br>
><br>
><br>
><br>
</div>> 2013/10/4 Wes James <<a href="mailto:comptekki@gmail.com">comptekki@gmail.com</a> (mailto:<a href="mailto:comptekki@gmail.com">comptekki@gmail.com</a>)><br>
<div class="im">> > Somewhere along the line I've started having issues with self-signed certs.<br>
> ><br>
> > On xubuntu I've:<br>
> ><br>
> > recently upgraded chrome and firefox (both having issues)<br>
> ><br>
> > recently upgraded cowboy to master<br>
> ><br>
> > recently upgrade to 16B02 (compiled then installed)<br>
> ><br>
> > I'm having issues accessing sites on https now. I get an error from firefox, but try to accept but get a security error. On chrome, it just says it can't get to the site. I then tried opera. I have to confirm some boxes on opera, but I can finally see the https sites.<br>
> ><br>
> > Anyone else having these issues?<br>
> ><br>
> > I've tried going back to 16B, but still have the issues so I'm not sure if it is erlang. I've tried compiling code with 0.8.1 of cowboy with 16B, but still have the same issues (where it was working fine before), so I'm not sure where the problem is.<br>
> ><br>
> > Thanks,<br>
> ><br>
> > Wes<br>
> ><br>
> > _______________________________________________<br>
> > erlang-questions mailing list<br>
</div>> > <a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a> (mailto:<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a>)<br>
> > <a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
><br>
><br>
> _______________________________________________<br>
> erlang-questions mailing list<br>
> <a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a> (mailto:<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a>)<br>
> <a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
<br>
<br></blockquote></div></div></div></div>