[erlang-questions] ERL-823: SSL cipher_suites too limited when compiling with OPENSSL_NO_EC=1

Ingela Andin ingela.andin@REDACTED
Thu Jan 3 22:24:37 CET 2019


Hi!

This is a configuration problem I suggest solutions in the ERL-823.

Regards Ingela Erlang/OTP team

Den tors 3 jan. 2019 kl 21:18 skrev Nicholas Lundgaard <
nalundgaard@REDACTED>:

> Hi,
>
> I wanted to call ERL-823 (https://bugs.erlang.org/browse/ERL-823) to this
> list's attention. My company operates Erlang microservices in AWS on a
> kerl-built OTP installation on Amazon Linux (RedHat/CentOS-based), and
> we've encountered a serious challenge to upgrading to OTP 21: When you
> disable OpenSSL EC ciphers during an OTP build, which is necessary to build
> an OTP installation that doesn't erroneously think it has a bunch of EC
> ciphers that aren't built into the underlying OpenSSL, you're no longer
> able to connect to google.com via https (not to mention many, many other
> web properties, like much of AWS infrastructure).
>
> It confuses me that there is not a simpler way to align the Erlang
> crypto/ssl cipher support with the underlying openssl installation it's
> linked to, but that notwithstanding, It would be really helpful to have a
> flag to build OTP with support for RedHat/Fedora's EC cipher subset, or
> something similar to this.
>
> Thanks,
> —Nicholas Lundgaard
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20190103/9195627d/attachment.htm>


More information about the erlang-questions mailing list