<div dir="ltr"><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"><a name="_MailOriginal"><span lang="EN-US">Hi,</span></a></p><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"><a name="_MailOriginal"><span lang="EN-US"><br></span></a></p><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">This is a bug in the current implementation when configuring a TLS server to support TLS 1.2 or lower and using option {handshake, hello} to pause the handshake. (The {handshake, hello} option is not yet implemented for TLS 1.3.)</p><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">What happens here is that the client apparently sends a psk_key_exchange_modes extension and possibly even a pre_shared_key extension in its ClientHello. These extensions are used in TLS 1.3 when trying to resume a session with a ticket received in a previous session.</p><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"></p><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">Please report this issue on <a href="https://bugs.erlang.org/">https://bugs.erlang.org/</a>!</p><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"><br></p><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"><a name="_MailOriginal"><span lang="EN-US">BR/Peter</span></a></p><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"><a name="_MailOriginal"><span lang="EN-US"><br></span></a></p><p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"><a name="_MailOriginal"><span lang="EN-US">-----Original
Message-----<br>
From: erlang-questions <erlang-questions-bounces@erlang.org> On Behalf Of
Oliver Bollmann<br>
Sent: den 6 november 2019 10:58<br>
To: erlang-questions <erlang-questions@erlang.org><br>
Subject: Handshake -> psk_key_exchange_modes</span></a></p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> </p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">Hi,</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> </p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">0) Erlang/OTP 22
[erts-10.5.3] [source] [64-bit] [smp:16:16] [ds:16:16:10] [async-threads:1]
[hipe]</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> </p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">1)
client_server:start(). -> Port</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> </p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">2) Open browser:
<a href="https://localhost:Port"><span style="color:windowtext;text-decoration-line:none">https://localhost:Port</span></a> using Safari,Chrome</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> </p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">3) exception
error: no function clause matching</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">ssl_handshake:extension_value({psk_key_exchange_modes,[psk_dhe_ke]})</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">(ssl_handshake.erl,
line 1492)</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> in function
maps:map_1/2 (maps.erl, line 252)</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> in call from
maps:map_1/2 (maps.erl, line 252)</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> in call from
maps:map/2 (maps.erl, line 243)</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> in call from
ssl_connection:handshake/2 (ssl_connection.erl, line 127)</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> in call from
client_server:start/0 (client_server.erl, line 42)</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> </p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">Any Hints?</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> </p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">--</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">Grüße</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif">Oliver Bollmann</p>
<p class="gmail-MsoPlainText" style="margin:0cm 0cm 0.0001pt;font-size:14pt;font-family:Calibri,sans-serif"> </p></div>