[erlang-questions] iPhone unable to connect over SSL after upgrading to R16B01

[Stanislav Sedov]

On Jul 2, 2013, at 9:57 AM, Ransom Richardson <ransomr@REDACTED> wrote:

> Ingela, thanks for looking at this. Do you still need additional information? The issue seems to be client specific, and I don't have an isolated repro. Based on what I'm seeing it looks like {ecdhe_rsa,aes_256_cbc,sha} works fine when I connect with a python client, but not when I connect with an iOS client. This is the case even if I also support {rsa,aes_256_cbc,sha256}, which does work with the iOS client. So the iOS client/Erlang R16B01 server are choosing an EC cipher that then doesn't work. I think you will see the issue if you implement just a basic ssl server and connect with an iOS client. Please let me know if I can provide more information.

I wonder if this somehow may be related to an apparently broken ECDSA implementation
in Safari.  It can be seen that in the list of ciphers you posted DH/ECDHA comes
first.  Did the ciphers priority change for some reason in R16B01, or is it possible
your R16B01 is linked agains a different version of OpenSSL?

My apologies if you already considered this, but hope this might help.

[1] http://openssl.6102.n7.nabble.com/Apple-are-apparently-dicks-td45512.html

--
ST4096-RIPE

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20130702/d7458440/attachment.htm>