[erlang-questions] OTP 20.3 has no gcm ciphers

Ingela Andin ingela.andin@REDACTED
Thu Mar 15 09:38:08 CET 2018 

Hi!

Well that was not intended, but I would not worry too much about it. We
plan to deprecate the ssl:cipher_suites/1 function in 21 and this function
is not used in runtime of the ssl application.
I have not investigated why yet but we will fix it.

Regards Ingela Erlang/OTP team - Ericsson AB

2018-03-14 19:10 GMT+01:00 derek <denc716@REDACTED>:

> I can reproduce the issue,  while I change to call this
> http://erlang.org/doc/man/ssl.html#cipher_suites-2
>
> with 2nd argument 'tlsv1.2'  it seems still have some gcm ciphers;
> wonder is this change intended ?   I am not seeing the change in
> http://erlang.org/download/otp_src_20.3.readme
>
> 13> ssl:cipher_suites(all, 'tlsv1.2').
> [#{cipher => aes_256_gcm,key_exchange => ecdhe_ecdsa,
>    mac => aead,prf => sha384},
>  #{cipher => aes_256_gcm,key_exchange => ecdhe_rsa,mac => aead,
>    prf => sha384},
>  #{cipher => aes_256_cbc,key_exchange => ecdhe_ecdsa,
>    mac => sha384,prf => sha384},
>  #{cipher => aes_256_cbc,key_exchange => ecdhe_rsa,
>    mac => sha384,prf => sha384},
>  #{cipher => aes_256_gcm,key_exchange => ecdh_ecdsa,
>    mac => aead,prf => sha384},
>  #{cipher => aes_256_gcm,key_exchange => ecdh_rsa,mac => aead,
>    prf => sha384},
>  #{cipher => aes_256_cbc,key_exchange => ecdh_ecdsa,
>    mac => sha384,prf => sha384},
>  #{cipher => aes_256_cbc,key_exchange => ecdh_rsa,
>    mac => sha384,prf => sha384},
>  #{cipher => chacha20_poly1305,key_exchange => ecdhe_ecdsa,
>    mac => aead,prf => sha256},
>  #{cipher => chacha20_poly1305,key_exchange => ecdhe_rsa,
>    mac => aead,prf => sha256},
>  #{cipher => chacha20_poly1305,key_exchange => dhe_rsa,
>    mac => aead,prf => sha256},
>  #{cipher => aes_256_gcm,key_exchange => dhe_rsa,mac => aead,
>    prf => sha384},
>  #{cipher => aes_256_gcm,key_exchange => dhe_dss,mac => aead,
>    prf => sha384},
>
>
>
> On Wed, Mar 14, 2018 at 9:18 AM, Leo Liu <sdl.web@REDACTED> wrote:
> > I just compiled Erlang 20.3 from github with openssl 1.0.1 (centos 7)
> > and 1.0.2 (Sierra 10.12.6). ssl:cipher_suites(erlang) returns no gcm
> > ciphers.
> >
>
> > I have previously compiled 20.2 from source and it has gcm ciphers. I
> > wonder if this is an intended change in OTP 20.3? Thanks.
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180315/afc89182/attachment.htm>

More information about the erlang-questions mailing list