[erlang-questions] TLS cipher suite with Galois Counter Mode (GCM)

Andreas Schultz aschultz@REDACTED
Wed Sep 9 11:23:37 CEST 2015 

----- Original Message -----
> From: "John Foldager" <john.foldager@REDACTED>
> To: erlang-questions@REDACTED
> Sent: Wednesday, September 9, 2015 9:39:52 AM
> Subject: Re: [erlang-questions] TLS cipher suite with Galois Counter Mode	(GCM)

> Thanks Danil.
> 
> We're currently using Erlang 16 b3, so we'll check if we can upgrade
> to Erlang OTP 18 instead. We just need to verify with RabbitMQ if it
> is supported or not.

Hi John,

Original pull request for GCM support was https://github.com/erlang/otp/pull/372.
Those change *might* be applicable to R17 as well (if you need to stay with R17).

R16 is most certainly to old for those changes.

Andreas


> Thanks
> 
> On Tue, Sep 8, 2015 at 2:38 PM, Danil Zagoskin <z@REDACTED> wrote:
>> Hi, John!
>>
>> What OTP version do you use?
>> OTP17 and prior do not support GCM, you need OTP18.
>>
>> Old possible ciphers:
>> https://github.com/erlang/otp/blob/maint-17/lib/ssl/src/ssl_cipher.erl#L46
>> New possible ciphers:
>> https://github.com/erlang/otp/blob/maint-18/lib/ssl/src/ssl_cipher.erl#L48
>> (note the aes_128_gcm and aes_256_gcm ciphers).
>>
>> On Tue, Sep 8, 2015 at 2:58 PM, John Foldager <john.foldager@REDACTED>
>> wrote:
>>>
>>> We're using RabbitMQ and now have a request for supporting the following
>>> cipher suites:
>>>
>>>     TLS_RSA_WITH_AES_128_GCM_SHA256 (0X009C)
>>>     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  (0XC02F)
>>>     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0X009E)
>>>     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0XC02B)
>>>
>>> However, if we use the following commands from the Erlang CLI we don't see
>>> these cipher suites:
>>>
>>>     io:format("~p", [ssl:cipher_suites(openssl)]).
>>>     io:format("~p", [ssl:cipher_suites(erlang)]).
>>>
>>> So how can we make these cipher suites available to Erlang.... and then
>>> RabbitMQ that runs on top of Erlang?
>>>
>>> _______________________________________________
>>> erlang-questions mailing list
>>> erlang-questions@REDACTED
>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>
>>
>>
>>
>> --
>> Danil Zagoskin | z@REDACTED
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions

More information about the erlang-questions mailing list