[erlang-questions] cipher negotiation problem in SSL application when using PFS only

Bernd May bm@REDACTED
Fri Jan 30 11:38:17 CET 2015


On 23.01.2015 17:22, Ingela Andin wrote:
> You can use
> io:format("~p", [ssl:cipher_suites(openssl)]).
> io:format("~p", [ssl:cipher_suites(erlang)]).

Thanks, this allowed me to check the cipher suites again but so far I
have not found any difference. the output shows that erlang is supposed
to support the dhe cipher I want to use. Unfortunately the common
cipherlist in the tls_handshake:hello() is empty :-/

I have added a debug trace for further debugging:

Also I have noticed that this seems to be a problem of the R16B03
Erlang. if I use Erlang 17.4 as server and client it works. I had tested
it before with an R16B03 server and a 17.4 client , which didn't work. I
have also tested it with a 17.4 server now and a R16B03 client and that
also works.

seems I ahve to find out what changed in the ssl code between these
versions and then patch it step by step to track down the problem.


Bernd May

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150130/ec040077/attachment.bin>

More information about the erlang-questions mailing list