[erlang-questions] SSL decrypt error during SSL handshake

Daniel Luna daniel@REDACTED
Thu Dec 20 16:39:27 CET 2012

Most likely this is the same bug that bit us a while ago.  With
certificates from GoDaddy.

Here http://erlang.org/pipermail/erlang-bugs/2012-August/002996.html
plus related emails.

This was fixed in R15B02.  From the release notes:

   OTP-10222  Workaround for handling certificates that wrongly encode
	      X509countryname in utf-8 when the actual value is a valid
	      ASCCI value of length 2. Such certificates are accepted by
	      many browsers such as Chrome and Fierfox so for
	      interoperability reasons we will too.



On 20 December 2012 03:33, Ingela Andin <ingela.andin@REDACTED> wrote:
> Hi!
> Decryption error happens if the inputdata is somehow corrupted.
> I can not think of an obvious reason that this could happen with you setup, but
> your server is using a fairly old version so upgrading might be a good
> idea regardless.
> Regards Ingela Erlang/OTP team - Ericsson AB
> 2012/12/15, Kaiduan Xie <kaiduanx@REDACTED>:
>> Hi,
>> I ran into a situation where server sends back SSL decrypt error to
>> client during SSL handshake, both client and server are written in
>> Erlang. The SSL handshake looks as below,
>> 1) Client sends Client Hello to server
>> 2) Server sends Server Hello back
>> 3) Server sends Certificate, Server Key Exchange and Server Hello Done
>> 4) Client sends Client Key Exchange
>> 5) Client sends Change Cipher Spec, Encrypted Handshake Message
>> 6) Server sends Alert (Level: Fatal, Description: Decrypt Error)
>> The certificate is from godaddy, any idea why server sends Decrypt Error?
>> The server is running R14B01 while the client is running R15B02.
>> Thanks,
>> /Kaiduan
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions

More information about the erlang-questions mailing list