[erlang-questions] SSL decrypt error during SSL handshake

Kaiduan Xie kaiduanx@REDACTED
Thu Dec 20 17:58:20 CET 2012 

Ingela and Daniel,

Thank you very much for the response. I upgraded the server to R15B03,
the problem is still there. You can refer the attached pcap file on
the server.

Best regards,

/Kaiduan

On Thu, Dec 20, 2012 at 10:39 AM, Daniel Luna <daniel@REDACTED> wrote:
> Most likely this is the same bug that bit us a while ago.  With
> certificates from GoDaddy.
>
> Here http://erlang.org/pipermail/erlang-bugs/2012-August/002996.html
> plus related emails.
>
> This was fixed in R15B02.  From the release notes:
>
>    OTP-10222  Workaround for handling certificates that wrongly encode
>               X509countryname in utf-8 when the actual value is a valid
>               ASCCI value of length 2. Such certificates are accepted by
>               many browsers such as Chrome and Fierfox so for
>               interoperability reasons we will too.
>
> Cheers,
>
> Daniel
>
> On 20 December 2012 03:33, Ingela Andin <ingela.andin@REDACTED> wrote:
>> Hi!
>>
>> Decryption error happens if the inputdata is somehow corrupted.
>> I can not think of an obvious reason that this could happen with you setup, but
>> your server is using a fairly old version so upgrading might be a good
>> idea regardless.
>>
>> Regards Ingela Erlang/OTP team - Ericsson AB
>>
>>
>> 2012/12/15, Kaiduan Xie <kaiduanx@REDACTED>:
>>> Hi,
>>>
>>> I ran into a situation where server sends back SSL decrypt error to
>>> client during SSL handshake, both client and server are written in
>>> Erlang. The SSL handshake looks as below,
>>>
>>> 1) Client sends Client Hello to server
>>> 2) Server sends Server Hello back
>>> 3) Server sends Certificate, Server Key Exchange and Server Hello Done
>>> 4) Client sends Client Key Exchange
>>> 5) Client sends Change Cipher Spec, Encrypted Handshake Message
>>> 6) Server sends Alert (Level: Fatal, Description: Decrypt Error)
>>>
>>> The certificate is from godaddy, any idea why server sends Decrypt Error?
>>>
>>> The server is running R14B01 while the client is running R15B02.
>>>
>>> Thanks,
>>>
>>> /Kaiduan
>>> _______________________________________________
>>> erlang-questions mailing list
>>> erlang-questions@REDACTED
>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssl-alert-error.pcap
Type: application/octet-stream
Size: 6595 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20121220/e3d80d9a/attachment.obj>

More information about the erlang-questions mailing list