[erlang-questions] Different SSL behaviours, how to pick ciphers?

Ingela Andin ingela.andin@REDACTED
Mon Aug 8 17:42:19 CEST 2016


Hi!


2016-07-13 17:27 GMT+02:00 André Cruz <andre@REDACTED>:

> Hello Fred.
>
> > On 13 Jul 2016, at 14:41, Fred Hebert <mononcqc@REDACTED> wrote:
> >
> > On 07/12, André Cruz wrote:
> >> As can be seen I cannot establish a connection using the container
> version of Erlang. Looking at the traffic I can see that the ClientHello
> message specifies SSLv3 ciphers, while the version that works uses TLS1.2.
> How can I influence this choice of ciphers? Is it a problem with the
> openssl lib in the container image?
> >>
> >
> > You should at the very least have some basic configuration of SSL in
> Erlang -- the one that ships stock isn't particularly great.
>
> I've found the difference in the default SSL configuration between 18.3.1
> and 18.3.2.
>
> 18.3.1 uses TLS1.2 records:
>
> TLSv1.2 Record Layer: Handshake Protocol: Client Hello
>     Content Type: Handshake (22)
>     Version: TLS 1.0 (0x0301)
>     Length: 279
>
>
> 18.3.2 uses SSL records:
>
> SSL Record Layer: Handshake Protocol: Client Hello
>     Content Type: Handshake (22)
>     Version: TLS 1.0 (0x0301)
>     Length: 249
>
> It's strange to change this default in a minor version upgrade. Is this
> something that can be configured? I've found that some SSL servers drop the
> connection immediately when SSL records are used.
>
>
Huum ... I think this was suppose to be a bug fix, maybe I got it wrong I
will investigate.

Regards Ingela Erlang/OTP team - Ericsson AB



> Thanks,
> André
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160808/a16cec88/attachment.htm>


More information about the erlang-questions mailing list