<div dir="ltr"><div>Hi!<br><br></div><div>Well that was not intended, but I would not worry too much about it. We plan to deprecate the ssl:cipher_suites/1 function in 21 and this function is not used in runtime of the ssl application.<br></div><div>I have not investigated why yet but we will fix it. <br><br></div><div>Regards Ingela Erlang/OTP team - Ericsson AB<br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2018-03-14 19:10 GMT+01:00 derek <span dir="ltr"><<a href="mailto:denc716@gmail.com" target="_blank">denc716@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I can reproduce the issue, while I change to call this<br>
<a href="http://erlang.org/doc/man/ssl.html#cipher_suites-2" rel="noreferrer" target="_blank">http://erlang.org/doc/man/ssl.<wbr>html#cipher_suites-2</a><br>
<br>
with 2nd argument 'tlsv1.2' it seems still have some gcm ciphers;<br>
wonder is this change intended ? I am not seeing the change in<br>
<a href="http://erlang.org/download/otp_src_20.3.readme" rel="noreferrer" target="_blank">http://erlang.org/download/<wbr>otp_src_20.3.readme</a><br>
<br>
13> ssl:cipher_suites(all, 'tlsv1.2').<br>
[#{cipher => aes_256_gcm,key_exchange => ecdhe_ecdsa,<br>
mac => aead,prf => sha384},<br>
#{cipher => aes_256_gcm,key_exchange => ecdhe_rsa,mac => aead,<br>
prf => sha384},<br>
#{cipher => aes_256_cbc,key_exchange => ecdhe_ecdsa,<br>
mac => sha384,prf => sha384},<br>
#{cipher => aes_256_cbc,key_exchange => ecdhe_rsa,<br>
mac => sha384,prf => sha384},<br>
#{cipher => aes_256_gcm,key_exchange => ecdh_ecdsa,<br>
mac => aead,prf => sha384},<br>
#{cipher => aes_256_gcm,key_exchange => ecdh_rsa,mac => aead,<br>
prf => sha384},<br>
#{cipher => aes_256_cbc,key_exchange => ecdh_ecdsa,<br>
mac => sha384,prf => sha384},<br>
#{cipher => aes_256_cbc,key_exchange => ecdh_rsa,<br>
mac => sha384,prf => sha384},<br>
#{cipher => chacha20_poly1305,key_exchange => ecdhe_ecdsa,<br>
mac => aead,prf => sha256},<br>
#{cipher => chacha20_poly1305,key_exchange => ecdhe_rsa,<br>
mac => aead,prf => sha256},<br>
#{cipher => chacha20_poly1305,key_exchange => dhe_rsa,<br>
mac => aead,prf => sha256},<br>
#{cipher => aes_256_gcm,key_exchange => dhe_rsa,mac => aead,<br>
prf => sha384},<br>
#{cipher => aes_256_gcm,key_exchange => dhe_dss,mac => aead,<br>
prf => sha384},<br>
<span class="im HOEnZb"><br>
<br>
<br>
On Wed, Mar 14, 2018 at 9:18 AM, Leo Liu <<a href="mailto:sdl.web@gmail.com">sdl.web@gmail.com</a>> wrote:<br>
> I just compiled Erlang 20.3 from github with openssl 1.0.1 (centos 7)<br>
> and 1.0.2 (Sierra 10.12.6). ssl:cipher_suites(erlang) returns no gcm<br>
> ciphers.<br>
><br>
<br>
> I have previously compiled 20.2 from source and it has gcm ciphers. I<br>
> wonder if this is an intended change in OTP 20.3? Thanks.<br>
</span><div class="HOEnZb"><div class="h5">______________________________<wbr>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a><br>
</div></div></blockquote></div><br></div></div></div></div>