<div dir="ltr">Hi!<div><br></div><div><br></div><div>I believe the bug could be solved by the following patch:</div><div><br></div><div>diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl<br>
index 40d974f..aa453fe 100644<br>
--- a/lib/ssl/src/ssl_cipher.erl<br>
+++ b/lib/ssl/src/ssl_cipher.erl<br>
@@ -2555,6 +2555,8 @@ ecdsa_signed_suites(Ciphers, Version) -><br>
<br>
rsa_keyed(dhe_rsa) -> <br>
true;<br>
+rsa_keyed(ecdhe_rsa) -> <br>
+ true;<br>
rsa_keyed(rsa) -> <br>
true;<br>
rsa_keyed(rsa_psk) -> <br>
@@ -2618,6 +2620,8 @@ ec_keyed(ecdh_ecdsa) -><br>
true;<br>
ec_keyed(ecdh_rsa) -><br>
true;<br>
+ec_keyed(ecdhe_ecdsa) -><br>
+ true;<br>
ec_keyed(_) -> <br>
false.<br>
<br></div><div><br></div><div>Regards Ingela Erlang/OTP Team </div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><div class="gmail_extra"><br><div class="gmail_quote">2018-08-08 14:23 GMT+02:00 Leo Liu <span dir="ltr"><<a href="mailto:sdl.web@gmail.com" target="_blank">sdl.web@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On 2018-08-07 16:19 -0300, Amin Arria wrote:<br>
> I have an application using cowboy with SSL/TLS. For some reason it has<br>
> stopped accepting connections and giving SSL erros to the clients<br>
> connecting.<br>
><br>
> The only piece of info the server gives is "TLS server: In state certify<br>
> received CLIENT ALERT: Fatal - Illegal Parameter" and I can't find anything<br>
> about. Do you know anything?<br>
<br>
</span>I have to debug such an issue some weeks ago. I got a call for help near<br>
midnight and wasted nearly 3 hours to get it working (sort of).<br>
<br>
Something changed between OTP 20.3.2 and 20.3.8.3 that makes some<br>
certificates unhappy. I bypassed it by using SSL application from 20.3.2<br>
with OTP 20.3.8.3. There is some bug somewhere.<br>
<span class="gmail-HOEnZb"><font color="#888888"><br>
Leo<br>
</font></span><div class="gmail-HOEnZb"><div class="gmail-h5">______________________________<wbr>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a><br>
</div></div></blockquote></div><br></div></div></div>