[erlang-questions] GCM block ciphers in the Windows binary distribution

Andreas Schultz aschultz@REDACTED
Thu Sep 10 10:24:05 CEST 2015


----- Original Message -----
> From: "zxq9" <zxq9@REDACTED>
> To: erlang-questions@REDACTED
> Sent: Thursday, September 10, 2015 8:47:34 AM
> Subject: [erlang-questions] GCM block ciphers in the Windows binary distribution

> I just noticed that there are no GCM ciphers supported in the Windows binary
> distribution from Erlang Solutions (at least not R18). Is there any reason for
> this?

AES-GCM requires OpenSSL >= 1.0.1; the binary distribution was probably built against
an older version.

Andreas

> 
> On Windows:
> 
> 1> io:format("~p~n", [ssl:cipher_suites()]).
> [{ecdhe_ecdsa,aes_256_cbc,sha384},
>  {ecdhe_rsa,aes_256_cbc,sha384},
>  {ecdh_ecdsa,aes_256_cbc,sha384},
>  {ecdh_rsa,aes_256_cbc,sha384},
>  {dhe_rsa,aes_256_cbc,sha256},
>  {dhe_dss,aes_256_cbc,sha256},
>  {rsa,aes_256_cbc,sha256},
>  {ecdhe_ecdsa,aes_128_cbc,sha256},
>  {ecdhe_rsa,aes_128_cbc,sha256},
>  {ecdh_ecdsa,aes_128_cbc,sha256},
>  {ecdh_rsa,aes_128_cbc,sha256},
>  {dhe_rsa,aes_128_cbc,sha256},
>  {dhe_dss,aes_128_cbc,sha256},
>  {rsa,aes_128_cbc,sha256},
>  {ecdhe_ecdsa,aes_256_cbc,sha},
>  {ecdhe_rsa,aes_256_cbc,sha},
>  {dhe_rsa,aes_256_cbc,sha},
>  {dhe_dss,aes_256_cbc,sha},
>  {ecdh_ecdsa,aes_256_cbc,sha},
>  {ecdh_rsa,aes_256_cbc,sha},
>  {rsa,aes_256_cbc,sha},
>  {ecdhe_ecdsa,'3des_ede_cbc',sha},
>  {ecdhe_rsa,'3des_ede_cbc',sha},
>  {dhe_rsa,'3des_ede_cbc',sha},
>  {dhe_dss,'3des_ede_cbc',sha},
>  {ecdh_ecdsa,'3des_ede_cbc',sha},
>  {ecdh_rsa,'3des_ede_cbc',sha},
>  {rsa,'3des_ede_cbc',sha},
>  {ecdhe_ecdsa,aes_128_cbc,sha},
>  {ecdhe_rsa,aes_128_cbc,sha},
>  {dhe_rsa,aes_128_cbc,sha},
>  {dhe_dss,aes_128_cbc,sha},
>  {ecdh_ecdsa,aes_128_cbc,sha},
>  {ecdh_rsa,aes_128_cbc,sha},
>  {rsa,aes_128_cbc,sha},
>  {dhe_rsa,des_cbc,sha},
>  {rsa,des_cbc,sha}]
> 
> And checking OpenSSL's support...
> 
> C:\Users\Craig Everett>openssl ciphers
> WARNING: can't open config file: /etc/ssl/openssl.cnf
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA
> 
> Any reason these are not built in?
> 
> "It's a PITA" is a perfectly acceptable answer... the Windows build process
> already looks convoluted. I was just surprised as it doesn't appear to be
> difficult to add this since the included OpenSSL already supports them.
> 
> -Craig
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
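
The check this thread turns on can be run from inside the VM rather than with the `openssl` binary on the PATH, which need not be the library that the `crypto` application was built against. The module below is an added example, not code from the thread or from OTP; the module name `gcm_check` and its function names are hypothetical. It relies on `crypto:info_lib/0`, whose numeric field is the OpenSSL header version used when `crypto` was compiled and whose text field names the library loaded at runtime.

```erlang
%% Added example (not from the thread). Module and function names are hypothetical.
-module(gcm_check).
-export([report/0, needs_newer_openssl/1, gcm_suites/1]).

%% OPENSSL_VERSION_NUMBER is laid out as 0xMNNFFPPS, so every 1.0.1
%% build (any patch level or status nibble) is >= this value.
-define(OPENSSL_1_0_1, 16#10001000).

%% true when the headers crypto was compiled against predate OpenSSL 1.0.1,
%% the minimum the reply above gives for AES-GCM.
needs_newer_openssl(HeaderVersion) when is_integer(HeaderVersion) ->
    HeaderVersion < ?OPENSSL_1_0_1.

%% Keep only the suites whose bulk cipher is AES-GCM. Accepts the 3-tuple
%% form printed in the thread, the 4-tuple form that carries a PRF, and
%% the map form returned by ssl:cipher_suites/2 in later OTP releases.
gcm_suites(Suites) ->
    [S || S <- Suites, is_gcm(cipher_of(S))].

cipher_of({_Kex, Cipher, _Hash}) -> Cipher;
cipher_of({_Kex, Cipher, _Hash, _Prf}) -> Cipher;
cipher_of(#{cipher := Cipher}) -> Cipher;
cipher_of(_) -> undefined.

is_gcm(aes_128_gcm) -> true;
is_gcm(aes_256_gcm) -> true;
is_gcm(_) -> false.

%% Print and return what this VM was built with and what it offers.
report() ->
    {ok, _} = application:ensure_all_started(ssl),
    [{Name, HeaderVersion, RuntimeText} | _] = crypto:info_lib(),
    %% ssl:cipher_suites/0 is the call used in the thread (R18 era).
    Gcm = gcm_suites(ssl:cipher_suites()),
    io:format("~s headers at build time: 16#~.16b~n", [Name, HeaderVersion]),
    io:format("library loaded at runtime: ~s~n", [RuntimeText]),
    io:format("built before 1.0.1: ~p~n", [needs_newer_openssl(HeaderVersion)]),
    io:format("GCM suites offered: ~p~n", [Gcm]),
    [{header_version, HeaderVersion},
     {runtime, RuntimeText},
     {built_before_1_0_1, needs_newer_openssl(HeaderVersion)},
     {gcm_suites, Gcm}].
```

Compile with `c(gcm_check).` and call `gcm_check:report().` in the shell; an empty `gcm_suites` list together with `built_before_1_0_1` set to `true` matches the explanation given in the reply.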
