<div dir="ltr">Hi!<div><br></div><div>We promise to be backwards compatible, not bug compatible. As a workaround you may use the openSSL string names for cipher suites this should work for all versions.</div><div>I think that the tuple format has turned out to be a nuisance for more than one reason, and we may deprecate it in favour of for instance maps in the future.</div><div><br></div><div>Regards Ingela Erlang/OTP Team - Ericsson AB</div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-04-27 16:43 GMT+02:00 Fred Hebert <span dir="ltr"><<a href="mailto:mononcqc@ferd.ca" target="_blank">mononcqc@ferd.ca</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On 04/27, Henrik Nord X wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
--- Fixed Bugs and Malfunctions ---<br>
<br>
OTP-13511 Application(s): ssl<br>
<br>
Corrections to cipher suite handling using the 3 and 4<br>
tuple format in addition to commit<br>
89d7e21cf4ae988c57c8ef047bfe85127875c70c<br>
</blockquote>
<br></span>
Well that is tricky now since it appears there is no longer any fix that allows to support all versions at once with a single configuration.<br>
<br>
I could get a config going in pre 18.3 by submitting 3-tuples. I could get 18.3 to work by using all tuples, looking for what was supported, and submitting the 3-tuple version no matter what.<br>
<br>
In 18.3.2, I *must* submit the 4-tuple version in this case, which can work, but I still get some odd failures, specifically around {rsa,aes_256_gcm,null,sha384} which still does not work with the new format:<br>
<br>
37> lists:member({rsa,aes_256_gcm,null,sha384},ssl:cipher_suites()).<br>
true<br>
38> ssl_cipher:suite({rsa,aes_256_gcm,null,sha384}).<br>
** exception error: no function clause matching ssl_cipher:suite({rsa,aes_256_gcm,null,sha384}) (ssl_cipher.erl, line 754)<br>
39> ssl_cipher:suite({rsa,aes_256_gcm,null}).<br>
<<0,157>><br>
<br>
So this suite is supported, but cannot be checked there in a specific manner and requires a special case because it still only works with the 3-tuple as input -- and there may be more of these.<br>
<br>
It seems like the patch is not properly covering all cases?<div class=""><div class="h5"><br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</div></div></blockquote></div><br></div></div></div>