[erlang-questions] TLS errors
Roberto Ostinelli
roberto.ostinelli@REDACTED
Wed Sep 2 20:22:11 CEST 2015
Thank you Ingela. This seems to be the case indeed.
> On 02/Sep/2015, at 08:59, Ingela Andin <ingela.andin@REDACTED> wrote:
>
> Hi!
>
> This I suspect is because ssl in OTP 18 no longer supports legacy insecure ciphers and SSL/TLS versions by default. If needed
> for interoperability they can still be configured.
>
> From the release notes:
> "Remove default support for SSL-3.0, due to Poodle vulnerability in protocol specification.
>
> Add padding check for TLS-1.0 to remove Poodle vulnerability from TLS 1.0, also add the option padding_check. This option only affects TLS-1.0 connections and if set to false it disables the block cipher padding check to be able to interoperate with legacy software.
>
> Remove default support for RC4 cipher suites, as they are considered too weak."
>
>
> 2015-09-01 18:44 GMT+02:00 Roberto Ostinelli <roberto@REDACTED>:
>> Dear all,
>> I'm using SSL with Cowboy and I keep on getting these kinds of errors in the logs:
>>
>> SSL: hello: tls_handshake.erl:167:Fatal error: insufficient security
>
> Could not find any common algorithms
>
>
>> SSL: hello: tls_handshake.erl:174:Fatal error: protocol version
>
> No acceptable TLS protocol version
>
>
>> SSL: certify: ssl_alert.erl:93:Fatal error: bad certificate
>> SSL: hello: tls_handshake.erl:118:Fatal error: inappropriate fallback
>
> Prevention of Poodle
>
>
>> SSL: cipher: ssl_cipher.erl:292:Fatal error: bad record mac
>>
>> I've started seeing those after I've upgraded to Erlang 18.0.2. This wasn't happening in 17.5.
>>
>> Has anyone seen this, and has clues for me to pinpoint what the problem is?
>> Also, is there any way for me to recover the originating IP address?
>>
>> Any help appreciated.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
>
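A log-triage sketch for the alerts discussed above, added as an example and not part of the original thread: it parses lines of the shape quoted in the thread and separates the alerts the reply explains (legacy clients rejected by the OTP 18 defaults) from those it leaves unexplained. The `expected`/`investigate` split and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Line shape quoted in the thread:
#   SSL: <state>: <file>:<line>:Fatal error: <alert description>
LINE_RE = re.compile(r"SSL: (\w+): [\w.]+:\d+:Fatal error: (.+?)\s*$")

# Explanations given in the reply, keyed by alert description.
EXPLAINED = {
    "insufficient security": "could not find any common algorithms",
    "protocol version": "no acceptable TLS protocol version",
    "inappropriate fallback": "prevention of Poodle",
}

def parse(line):
    """Return (handshake_state, alert) for an ssl fatal-error line, else None."""
    m = LINE_RE.search(line)
    return (m[1], m[2].lower()) if m else None

def triage(lines):
    """Count alerts the thread explains vs. ones it leaves open."""
    expected, investigate, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed += 1            # not an ssl fatal-error line
        elif rec[1] in EXPLAINED:
            expected[rec] += 1       # peer offered only removed versions/ciphers
        else:
            investigate[rec] += 1    # e.g. bad certificate, bad record mac
    return expected, investigate, unparsed

# Constructed sample, built from the lines quoted in the thread.
SAMPLE_LOG = """\
SSL: hello: tls_handshake.erl:167:Fatal error: insufficient security
SSL: hello: tls_handshake.erl:174:Fatal error: protocol version
SSL: hello: tls_handshake.erl:174:Fatal error: protocol version
SSL: certify: ssl_alert.erl:93:Fatal error: bad certificate
SSL: hello: tls_handshake.erl:118:Fatal error: inappropriate fallback
SSL: cipher: ssl_cipher.erl:292:Fatal error: bad record mac
unrelated application log line (constructed)
""".splitlines()

if __name__ == "__main__":
    expected, investigate, unparsed = triage(SAMPLE_LOG)
    for (state, alert), n in expected.items():
        print(f"expected    {n} {state}/{alert}: {EXPLAINED[alert]}")
    for (state, alert), n in investigate.items():
        print(f"investigate {n} {state}/{alert}")
    print("unparsed lines:", unparsed)
```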