[erlang-questions] SSL handshake failure

Justin Wood justin.k.wood@REDACTED
Wed Dec 21 14:47:08 CET 2016


After upgrading to Erlang OTP-19.2, I specified the version, in different
requests, as one of tlsv1, tlsv1.1 or tlsv1.2. Every time I received the
same error.

I'm not sure if it is helpful at all, but I can replicate this on Windows,
OSX 10.11 (El Capitan) and Ubuntu 14.04. I have not tried on other
platforms.

Is there any other information that I would be able to give that would be
helpful?

On Wed, Dec 21, 2016 at 3:38 AM, Technion <technion@REDACTED> wrote:

> Hi Justin,
>
> Is this earlier discussion relevant:
>
> http://erlang.org/pipermail/erlang-questions/2016-November/090780.html
>
> ------------------------------
> *From:* erlang-questions-bounces@REDACTED <erlang-questions-bounces@erlang.org>
> on behalf of Justin Wood <justin.k.wood@REDACTED>
> *Sent:* Wednesday, 21 December 2016 11:56 AM
> *To:* erlang-questions@REDACTED
> *Subject:* [erlang-questions] SSL handshake failure
>
> Hi there,
>
> I am attempting to use the ssl module in order to get a socket to a remote
> server (MongoDB). I am using the following line of code (OTP 19)
>
> ssl:connect("my-server.net", 27017, [binary, {active, false}, {packet,
> raw}], 5000).
>
> Whenever I use this, I get the following:
>
> =ERROR REPORT==== 20-Dec-2016::19:13:13 ===
> SSL: certify: tls_connection.erl:603:Fatal error: handshake failure -
> malformed_handshake
> {error,{tls_alert,"handshake failure"}}
>
> Which led me to look into erlang:get_stacktrace/0
>
> erlang:get_stacktrace().
> [{tls_connection,start_fsm,8,
>                  [{file,"tls_connection.erl"},{line,79}]},
>  {ssl_connection,connect,8,
>                  [{file,"ssl_connection.erl"},{line,84}]},
>  {erl_eval,do_apply,6,[{file,"erl_eval.erl"},{line,674}]},
>  {shell,exprs,7,[{file,"shell.erl"},{line,686}]},
>  {shell,eval_exprs,7,[{file,"shell.erl"},{line,641}]},
>  {shell,eval_loop,3,[{file,"shell.erl"},{line,626}]}]
>
> My problem is that the certificate that the server is using should be
> legitimate. I can connect, without error, using other clients and languages.
>
> I took a look through Wireshark in order to try and figure out what is
> going on and this is what I see.
>
> * The Client says hello and presents a list of cipher suites.
> * The Server says hello and says that it wants to use
> TLS_RSA_WITH_AES_256_GCM_SHA384 (This cipher is in the list that the
> client sends)
> * The Server sends the Client the certificates it is using (these both
> appear to be signed by DigiCert).
> * The Server sends an encrypted handshake message.
> * The Client responds with a Fatal Alert stating a Handshake Failure.
> * The Server sends another encrypted handshake message.
>
> I have verified that ssl:connect/4 is working fine as I can connect to a
> number of different miscellaneous services (including a number of other
> MongoDB instances).
>
> I was wondering if there is anything else I can do to try and figure out
> why erlang does not allow this connection.
>
> Justin
>
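
The per-version test described at the top of this message, as an added example that is not part of the original thread: it repeats the `ssl:connect/4` call from the post once per protocol version, pinning each attempt with the `ssl` `versions` option so the outcomes can be compared side by side. The module name `tls_probe` and its functions are hypothetical, and the socket options are the ones from the post (OTP 19 defaults, no peer verification configured).

```erlang
%% Added example, not code from the thread.
%% tls_probe is a hypothetical module name; host and port are passed in
%% by the caller (the post used "my-server.net" and 27017).
-module(tls_probe).
-export([probe/2, probe/3]).

%% Protocol versions named in the thread.
-define(VERSIONS, [tlsv1, 'tlsv1.1', 'tlsv1.2']).

%% Keys of interest in ssl:connection_information/1. Older releases report
%% cipher_suite, newer ones selected_cipher_suite; keep whichever is present.
-define(INFO_KEYS, [protocol, cipher_suite, selected_cipher_suite]).

%% Returns [{Version, {ok, Info} | {error, Reason}}], one entry per version.
probe(Host, Port) ->
    probe(Host, Port, 5000).

probe(Host, Port, Timeout) ->
    {ok, _} = application:ensure_all_started(ssl),
    [{V, attempt(Host, Port, V, Timeout)} || V <- ?VERSIONS].

%% One handshake restricted to a single protocol version.
attempt(Host, Port, Version, Timeout) ->
    Opts = [binary, {active, false}, {packet, raw}, {versions, [Version]}],
    case ssl:connect(Host, Port, Opts, Timeout) of
        {ok, Sock} ->
            Result = negotiated(Sock),
            _ = ssl:close(Sock),
            Result;
        {error, Reason} ->
            %% e.g. {tls_alert, "handshake failure"} as seen in the post
            {error, Reason}
    end.

%% Report what was actually negotiated on a successful handshake.
negotiated(Sock) ->
    case ssl:connection_information(Sock) of
        {ok, Info} ->
            {ok, [KV || {K, _} = KV <- Info, lists:member(K, ?INFO_KEYS)]};
        {error, Reason} ->
            {error, Reason}
    end.
```

Running `tls_probe:probe(Host, 27017)` against a server that handshakes correctly and against the failing one shows whether the failure depends on the protocol version or, as reported above, occurs for every version.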