Thank you very much<span></span><br><br>On Thursday, January 2, 2014, Andreas Schultz wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Found it, curve selection in server mode is broken in at least R16B3 and R17.<br>
Fix send in github pull request: <a href="https://github.com/erlang/otp/pull/183" target="_blank">https://github.com/erlang/otp/pull/183</a><br>
<br>
The same fix also applies to R16B3.<br>
<br>
Andreas<br>
<br>
----- Original Message -----<br>
> Hi Loco,<br>
><br>
> The root cause of this problem is the elliptic curve used in the ECDHE key<br>
> exchange. Chrome (and probably the other failing clients) support only a<br>
> limited set of curves (chrome only does secp256r1, secp384r1 and secp521r1).<br>
><br>
> Erlang's ECDHE support is currently hard coded to always use secp256k1.<br>
><br>
> Obviously, this will not work. Excluding all ECDHE cipher suites will work<br>
> around that problem. The correct fix will be to teach Erlang SSL to select<br>
> the correct curve.<br>
><br>
> Andreas<br>
><br>
> ----- Original Message -----<br>
> ><br>
> ><br>
> > Hi,<br>
> ><br>
> > I am having an issue getting ssl to work<br>
> ><br>
> > Hi,<br>
> ><br>
> > I am having an ssl issue<br>
> ><br>
> > The following gist<br>
> ><br>
> ><br>
> > <a href="https://gist.github.com/locojay/8188721" target="_blank">https://gist.github.com/locojay/8188721</a><br>
> ><br>
> > list’s how to install my setup (ubuntu 12.04 vagrant box, esl erlang<br>
> > R16B03,<br>
> > ssl 5.3.2, cowboy's ssl_example on master).<br>
> ><br>
> ><br>
> > I tested the following clients:<br>
> ><br>
> ><br>
> > - curl, chrome , firefox, safari, python requests<br>
> ><br>
> > on ubuntu 12.10 and osx 10.9 mavericks<br>
> ><br>
> > with the following result's<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > CHROME | FIREFOX | SAFARI | CURL<br>
> ><br>
> > UBUNTU fails | fails | na | works<br>
> ><br>
> > OSX fails | fails(long stacktrace) | fails | fails<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > the gist contains server/client log’s for these options<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > I'm using the cowboy ssl example to demonstrate my problem. Using an other<br>
> > self signed, or signed certificate results in the same issue.<br>
> ><br>
> > Creating a pem file of the example key, cert ca-cert and using in ejabberd<br>
> > 13.12 works fine with all browser’s.<br>
> ><br>
> > which:applications() in ejabberd 13.12 return’s ssl 5.3.2<br>
> ><br>
> > I am confused since i thought that the issue would have been the ssl app<br>
> > since we have<br>
> ><br>
> ><br>
> > cowboy —> ranch —> sslapp<br>
> ><br>
> > I am out of idea’s and would really appreciate any help<br>
> ><br>
> > Many thanks<br>
> ><br>
> > _______________________________________________<br>
> > erlang-questions mailing list<br>
> > <a>erlang-questions@erlang.org</a><br>
> > <a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
> ><br>
><br>
> --<br>
> --<br>
> Dipl. Inform.<br>
> Andreas Schultz<br>
><br>
> email: <a>as@travelping.com</a><br>
> phone: +49-391-819099-224<br>
> mobil: +49-170-2226073<br>
><br>
> ------------------- enabling your networks -------------------<br>
><br>
> Travelping GmbH phone: +49-391-819099229<br>
> Roentgenstr. 13 fax: +49-391-819099299<br>
> D-39108 Magdeburg email: <a>info@travelping.com</a><br>
> GERMANY web: <a href="http://www.travelping.com" target="_blank">http://www.travelping.com</a><br>
><br>
> Company Registration: Amtsgericht Stendal Reg No.: HRB 10578<br>
> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780<br>
> --------------------------------------------------------------<br>
> _______________________________________________<br>
> erlang-questions mailing list<br>
> <a>erlang-questions@erlang.org</a><br>
> <a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
><br>
<br>
--<br>
--<br>
Dipl. Inform.<br>
Andreas Schultz<br>
<br>
email: <a></a></blockquote>