<div dir="ltr"><div>Hello! <br><br>For the last few days I stared experiencing problems when connecting to Apple Push Notification Service (APNS) with <br>Erlangs SSL.<br><br>When trying to connect I encounter the following error:<br><br>** exception exit: {{function_clause,[{ssl_cipher,hash_algorithm,"ï",<br>                                                  [{file,"ssl_cipher.erl"},{line,1196}]},<br>                                      {ssl_handshake,'-decode_handshake/3-lc$^0/1-0-',1,<br>                                                     [{file,"ssl_handshake.erl"},{line,945}]},<br>                                      {ssl_handshake,'-decode_handshake/3-lc$^0/1-0-',1,<br>                                                     [{file,"ssl_handshake.erl"},{line,946}]},<br>                                      {ssl_handshake,decode_handshake,3,<br>                                                     [{file,"ssl_handshake.erl"},{line,945}]},<br>                                      {tls_handshake,get_tls_handshake_aux,3,<br>                                                     [{file,"tls_handshake.erl"},{line,155}]},<br>                                      {tls_connection,next_state,4,<br>                                                      [{file,"tls_connection.erl"},{line,433}]},<br>                                      {tls_connection,next_state,4,<br>                                                      [{file,"tls_connection.erl"},{line,437}]},<br>                                      {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]}]},<br>                    {gen_fsm,sync_send_all_state_event,<br>                             [<0.1221.0>,{start,1000},infinity]}}<br>     in function  gen_fsm:sync_send_all_state_event/3 (gen_fsm.erl, line 242)<br>     in call from ssl_connection:sync_send_all_state_event/2 (ssl_connection.erl, line 1654)<br>     in call from ssl_connection:handshake/2 (ssl_connection.erl, line 101)<br>     in call from tls_connection:start_fsm/8 (tls_connection.erl, line 81)<br>     in call from ssl_connection:connect/8 (ssl_connection.erl, line 71)<br>16:53:13.961 <0.1221.0> Undefined Undefined [error] gen_fsm <0.1221.0> in state certify terminated with reason: no function clause matching ssl_cipher:hash_algorithm(239) line 1196<br>16:53:13.964 <0.1221.0> Undefined Undefined [error] CRASH REPORT Process <0.1221.0> with 0 neighbours exited with reason: no function clause matching ssl_cipher:hash_algorithm(239) line 1196 in gen_fsm:terminate/7 line 611<br>16:53:13.965 <0.174.0> Undefined Undefined [error] Supervisor tls_connection_sup had child undefined started with {tls_connection,start_link,undefined} at <0.1221.0> exit with reason no function clause matching ssl_cipher:hash_algorithm(239) line 1196 in context child_terminated<br><br>Steps to reproduce (you need an APNS certificate for this):<br><br>    application:ensure_all_started(ssl).<br>    Address = "<a href="http://gateway.sandbox.push.apple.com">gateway.sandbox.push.apple.com</a>".<br>    Port = 2195.<br>    Cert = "cert.pem".<br>    CertPass = "*****".<br>    Options1 = [{certfile,Cert},{password,CertPass},{mode,binary}].<br>    Timeout = 1000.<br>    {ok,Socket} = ssl:connect(Address, Port, Options1, Timeout).<br><br>If we try to connect with the same certificate by using OpenSSL from command line (s_client) if works fine with no errors.<br><br>    Terminal command: openssl s_client -connect <a href="http://gateway.sandbox.push.apple.com:2195">gateway.sandbox.push.apple.com:2195</a> -cert cert.pem -debug <br>    Enter pass phrase for cert.pem:<br>    CONNECTED(00000003)<br>    ...<br>    Certificate chain<br>     0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=<a href="http://gateway.sandbox.push.apple.com">gateway.sandbox.push.apple.com</a><br>       i:/C=US/O=Entrust, Inc./OU=<a href="http://www.entrust.net/rpa">www.entrust.net/rpa</a> is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C<br>     1 s:/C=US/O=Entrust, Inc./OU=<a href="http://www.entrust.net/rpa">www.entrust.net/rpa</a> is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C<br>       i:/O=Entrust.net/OU=<a href="http://www.entrust.net/CPS_2048">www.entrust.net/CPS_2048</a> incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)<br>    ---<br>    ...<br>    subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=<a href="http://gateway.sandbox.push.apple.com">gateway.sandbox.push.apple.com</a><br>    issuer=/C=US/O=Entrust, Inc./OU=<a href="http://www.entrust.net/rpa">www.entrust.net/rpa</a> is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C<br>    ---<br>    No client certificate CA names sent<br>    ---<br>    SSL handshake has read 2760 bytes and written 2363 bytes<br>    ---<br>    New, TLSv1/SSLv3, Cipher is AES256-SHA<br>    Server public key is 2048 bit<br>    Secure Renegotiation IS supported<br>    Compression: NONE<br>    Expansion: NONE<br>    SSL-Session:<br>        Protocol  : TLSv1<br>        Cipher    : AES256-SHA<br>        Session-ID: <br>        Session-ID-ctx: <br>        Master-Key: ...<br>        Key-Arg   : None<br>        Start Time: 1433689177<br>        Timeout   : 300 (sec)<br>        Verify return code: 0 (ok)<br>---<br><br>Is this an issue with Erlang SSL module? How can it be mitigated?<br><br></div>This can be reproduced on OSX and Linux - Erlang 17.4.<br><div><br>With regards,<br>    Denis<br></div></div>