[erlang-questions] TLS cipher suite with Galois Counter Mode (GCM)
John Foldager
john.foldager@REDACTED
Wed Sep 9 11:38:46 CEST 2015
We'll probably upgrade directly from Erlang 16.x to 18.x, but we need
to know the following:
- Will RabbitMQ team be supportive if issues arise with the
combination of Erlang 18.x and RabbitMQ 3.5.4+ ?
- Will RabbitMQ be able to handle the GCM ciphers? My guess is yes
because I would believe that RabbitMQ is only using the Erlang SSL/TLS
layer and not restricting anything in it if it is supported.
On Wed, Sep 9, 2015 at 11:23 AM, Andreas Schultz <aschultz@REDACTED> wrote:
> ----- Original Message -----
>> From: "John Foldager" <john.foldager@REDACTED>
>> To: erlang-questions@REDACTED
>> Sent: Wednesday, September 9, 2015 9:39:52 AM
>> Subject: Re: [erlang-questions] TLS cipher suite with Galois Counter Mode (GCM)
>
>> Thanks Danil.
>>
>> We're currently using Erlang 16 b3, so we'll check if we can upgrade
>> to Erlang OTP 18 instead. We just need to verify with RabbitMQ if it
>> is supported or not.
>
> Hi John,
>
> Original pull request for GCM support was https://github.com/erlang/otp/pull/372.
> Those change *might* be applicable to R17 as well (if you need to stay with R17).
>
> R16 is most certainly to old for those changes.
>
> Andreas
>
>
>> Thanks
>>
>> On Tue, Sep 8, 2015 at 2:38 PM, Danil Zagoskin <z@REDACTED> wrote:
>>> Hi, John!
>>>
>>> What OTP version do you use?
>>> OTP17 and prior do not support GCM, you need OTP18.
>>>
>>> Old possible ciphers:
>>> https://github.com/erlang/otp/blob/maint-17/lib/ssl/src/ssl_cipher.erl#L46
>>> New possible ciphers:
>>> https://github.com/erlang/otp/blob/maint-18/lib/ssl/src/ssl_cipher.erl#L48
>>> (note the aes_128_gcm and aes_256_gcm ciphers).
>>>
>>> On Tue, Sep 8, 2015 at 2:58 PM, John Foldager <john.foldager@REDACTED>
>>> wrote:
>>>>
>>>> We're using RabbitMQ and now have a request for supporting the following
>>>> cipher suites:
>>>>
>>>> TLS_RSA_WITH_AES_128_GCM_SHA256 (0X009C)
>>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0XC02F)
>>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0X009E)
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0XC02B)
>>>>
>>>> However, if we use the following commands from the Erlang CLI we don't see
>>>> these cipher suites:
>>>>
>>>> io:format("~p", [ssl:cipher_suites(openssl)]).
>>>> io:format("~p", [ssl:cipher_suites(erlang)]).
>>>>
>>>> So how can we make these cipher suites available to Erlang.... and then
>>>> RabbitMQ that runs on top of Erlang?
>>>>
>>>> _______________________________________________
>>>> erlang-questions mailing list
>>>> erlang-questions@REDACTED
>>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>>
>>>
>>>
>>>
>>> --
>>> Danil Zagoskin | z@REDACTED
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
More information about the erlang-questions
mailing list