[erlang-questions] Handshake failure with DHE-DSS cipher suites

Per Hedeland per@REDACTED
Mon May 14 19:54:00 CEST 2018


For no other reason than the fact that our documentation claims that we
support all the ciphers listed by ssl:cipher_suites(openssl) (users can
select a subset by configuring a list of OpenSSL names), I actually have
a test that tries them individually, and in OTP 20 ssl:ssl_accept()
fails with {error, {tls_alert,"handshake failure"}} for all the DHE-DSS
suites - i.e.




After debugging a bit with the first one, I found that the failure was
due to a function_clause error, and that this change made it work:

--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -505,7 +505,9 @@ pkix_sign_types(?'ecdsa-with-SHA256') ->
 pkix_sign_types(?'ecdsa-with-SHA384') ->
     {sha384, ecdsa};
 pkix_sign_types(?'ecdsa-with-SHA512') ->
-    {sha512, ecdsa}.
+    {sha512, ecdsa};
+pkix_sign_types({2,16,840,1,101,3,4,3,2}) ->
+    {sha256, dsa}.

 -spec sign(binary() | {digest, binary()},

Some googling indicates that the oid-tuple could reasonably be named
'id-dsa-with-sha256', no real surprise there - a bit more surprising is
that the change actually makes *all* of those suites work. Now, I don't
really know what I'm doing here, so: Is this just an omission in the
public_key code and the above a reasonable fix, or is there some
fundamental reason that pkix_sign_types/1 shouldn't handle that oid?
(And if the latter, how can the DHE-DSS suites be made to work without

The test was run with 'openssl s_client' connecting to 20.3.6 - I can't
easily plug 21.0-rc1 into the test, but it seems at least
public_key:pkix_sign_types/1 is the same there.


--Per Hedeland

More information about the erlang-questions mailing list