<div dir="ltr">got it.<div><br></div><div>Looks that it is very hard to make "good-for-all" default SSL configuration.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Feb 29, 2020 at 5:28 PM Bram Verburg <<a href="mailto:bram.verburg@voltone.net">bram.verburg@voltone.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">This is due to the fact that OTP 23 supports x25519/x448 in ECDH key exchange for TLS 1.3, but not TLS 1.2. I believe it will be fixed in the next RC. For now you can either disable TLS 1.3 or pass `{supported_groups, [secp256r1, secp384r1]}`.</div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 29 Feb 2020 at 03:48, Max Lapshin <<a href="mailto:max.lapshin@gmail.com" target="_blank">max.lapshin@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Something with default cipher configuration?<div><br></div><div>$ erl<br>Erlang/OTP 23 [RELEASE CANDIDATE 1] [erts-11.0] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [hipe] [dtrace]<br><br>Eshell V11.0  (abort with ^G)<br>1> application:ensure_all_started(inets).<br>{ok,[inets]}<br></div><div>4> application:ensure_all_started(ssl).                                                <br>{ok,[crypto,asn1,public_key,ssl]}<br>5> httpc:request(get, {"<a href="https://repo.hex.pm/" target="_blank">https://repo.hex.pm/</a>",[]}, [], [{body_format, binary}]).<br>=NOTICE REPORT==== 29-Feb-2020::04:47:26.729009 ===<br>TLS client: In state certify at tls_connection.erl:1281 generated CLIENT ALERT: Fatal - Handshake Failure<br> - malformed_handshake_data<br>{error,{failed_connect,[{to_address,{"<a href="http://repo.hex.pm" target="_blank">repo.hex.pm</a>",443}},<br>                        {inet,[inet],<br>                              {tls_alert,{handshake_failure,"TLS client: In state certify at tls_connection.erl:1281 generated CLIENT ALERT: Fatal - Handshake Failure\n malformed_handshake_data"}}}]}}<br></div><div><br></div><div>?</div></div>
</blockquote></div>
</blockquote></div>