[erlang-questions] OTP 20.3 has no gcm ciphers

derek denc716@REDACTED
Wed Mar 14 19:10:54 CET 2018


I can reproduce the issue,  while I change to call this
http://erlang.org/doc/man/ssl.html#cipher_suites-2

with 2nd argument 'tlsv1.2'  it seems still have some gcm ciphers;
wonder is this change intended ?   I am not seeing the change in
http://erlang.org/download/otp_src_20.3.readme

13> ssl:cipher_suites(all, 'tlsv1.2').
[#{cipher => aes_256_gcm,key_exchange => ecdhe_ecdsa,
   mac => aead,prf => sha384},
 #{cipher => aes_256_gcm,key_exchange => ecdhe_rsa,mac => aead,
   prf => sha384},
 #{cipher => aes_256_cbc,key_exchange => ecdhe_ecdsa,
   mac => sha384,prf => sha384},
 #{cipher => aes_256_cbc,key_exchange => ecdhe_rsa,
   mac => sha384,prf => sha384},
 #{cipher => aes_256_gcm,key_exchange => ecdh_ecdsa,
   mac => aead,prf => sha384},
 #{cipher => aes_256_gcm,key_exchange => ecdh_rsa,mac => aead,
   prf => sha384},
 #{cipher => aes_256_cbc,key_exchange => ecdh_ecdsa,
   mac => sha384,prf => sha384},
 #{cipher => aes_256_cbc,key_exchange => ecdh_rsa,
   mac => sha384,prf => sha384},
 #{cipher => chacha20_poly1305,key_exchange => ecdhe_ecdsa,
   mac => aead,prf => sha256},
 #{cipher => chacha20_poly1305,key_exchange => ecdhe_rsa,
   mac => aead,prf => sha256},
 #{cipher => chacha20_poly1305,key_exchange => dhe_rsa,
   mac => aead,prf => sha256},
 #{cipher => aes_256_gcm,key_exchange => dhe_rsa,mac => aead,
   prf => sha384},
 #{cipher => aes_256_gcm,key_exchange => dhe_dss,mac => aead,
   prf => sha384},



On Wed, Mar 14, 2018 at 9:18 AM, Leo Liu <sdl.web@REDACTED> wrote:
> I just compiled Erlang 20.3 from github with openssl 1.0.1 (centos 7)
> and 1.0.2 (Sierra 10.12.6). ssl:cipher_suites(erlang) returns no gcm
> ciphers.
>

> I have previously compiled 20.2 from source and it has gcm ciphers. I
> wonder if this is an intended change in OTP 20.3? Thanks.



More information about the erlang-questions mailing list