<div dir="ltr"><div><div>Hi!<br><br></div>This might be an interop problem due to AEAD cipher suites wrongly being filtered out.<br></div>Could you please try the following patch?<br><div><br>diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl<br>index 62a172c..59cf05f 100644<br>--- a/lib/ssl/src/ssl_cipher.erl<br>+++ b/lib/ssl/src/ssl_cipher.erl<br>@@ -2175,6 +2175,8 @@ is_acceptable_cipher(Cipher, Algos) -><br> <br> is_acceptable_hash(null, _Algos) -><br> true;<br>+is_acceptable_hash(aead, _Algos) -><br>+ true;<br> is_acceptable_hash(Hash, Algos) -><br> proplists:get_bool(Hash, Algos).<br><br> <br><br></div><div>Regards Ingela Erlang/OTP team - Ericsson AB<br></div><div><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2018-03-15 10:02 GMT+01:00 Ingela Andin <span dir="ltr"><<a href="mailto:ingela.andin@gmail.com" target="_blank">ingela.andin@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi!<br><br></div>If this is a bug is hard to tell form the information you provided. Do you have any Erlang log printouts? Can you give me a way to reproduce it? If you have more information that you do not want to share publicly you can send<br></div>me a private mail.<br><br></div>Regards Ingela Erlang/OTP team - Ericsson AB<br><div><div><div><div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">2018-03-14 17:02 GMT+01:00 Wes James <span dir="ltr"><<a href="mailto:comptekki@gmail.com" target="_blank">comptekki@gmail.com</a>></span>:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">With this version I am now getting ERR_SPDY_INADEQUATE_TR<wbr>ANSPORT_SECURITY when going to my https cowboy app in chrome <span style="color:rgb(117,117,117);font-family:Roboto,system-ui,sans-serif;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Version 65.0.3325.162 and a similar error in firefox. My app uses a self-signed certificate. It works fine with otp 20.2.4. Is there a way to fix this for self-signed certs? I tried a few things suggested on some web searches, but I still get the same error. For one, I tried adding the cert to the system keychain on my mac and selected always trust. If this is a bug, let me know and I'll report it in the tracker.</span><div><font face="Roboto, system-ui, sans-serif" color="#757575"><br></font></div><div><font face="Roboto, system-ui, sans-serif" color="#757575">Thanks,</font></div><div><font face="Roboto, system-ui, sans-serif" color="#757575"><br></font></div><div><font face="Roboto, system-ui, sans-serif" color="#757575">-wes<br></font><span><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 14, 2018 at 3:46 AM, Henrik Nord X <span dir="ltr"><<a href="mailto:henrik.x.nord@ericsson.com" target="_blank">henrik.x.nord@ericsson.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Erlang/OTP 20.3 is the third service release for the 20 major release.<br>
The service release contains mostly bug fixes and characteristics<br>
improvements but also some new features.<br>
<br>
Some highlights for 20.3<br>
<br>
<br>
Application(s): ssl<br>
<br>
Added new API functions to facilitate cipher suite<br>
handling<br>
<br>
Application(s): erts, observer<br>
<br>
More crash dump info such as: process binary virtual<br>
heap stats, full info for process causing out-of-mem<br>
during GC, more port related info, and dirty scheduler<br>
info.<br>
<br></blockquote></div></div></span></div></div>
<br></div></div><span class="">______________________________<wbr>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/list<wbr>info/erlang-questions</a><br>
<br></span></blockquote></div><br></div></div></div></div></div></div>
</blockquote></div><br></div>