Erlang OTP 23.0-rc2 is available for testing

Peter Dimitrov peterdmv@REDACTED
Thu Mar 26 15:22:57 CET 2020 

Hi,



This looks like something that we should investigate. Can you please open a
ticket at https://bugs.erlang.org/ ?

Thanks!



BR/Peter



-----Original Message-----
From: erlang-questions <erlang-questions-bounces@REDACTED> On Behalf Of
Loïc Hoguin
Sent: den 26 mars 2020 10:23
To: Kenneth Lundin <kenneth@REDACTED>; erlang-questions@REDACTED
Questions <erlang-questions@REDACTED>
Subject: Re: Erlang OTP 23.0-rc2 is available for testing



Hello,



Under a specific configuration of ssl we are getting the following system
reports:



*** System report during acceptor_SUITE:ssl_sni_echo/1 in ssl 2020-03-25

18:27:00.926 ***

=NOTICE REPORT==== 25-Mar-2020::18:27:00.926666 === TLS server: In state
hello at tls_handshake.erl:231 generated SERVER

ALERT: Fatal - Handshake Failure

  - malformed_handshake_data



*** System report during acceptor_SUITE:ssl_sni_echo/1 in ssl 2020-03-25

18:27:00.935 ***

=NOTICE REPORT==== 25-Mar-2020::18:27:00.935747 === TLS client: In state
hello received SERVER ALERT: Fatal - Handshake Failure



The server configuration is [{sni_hosts, [{"localhost", Opts}]}] where Opts
has cert/key self-generated (using the old erl_make_certs) and also
contains {versions, ['tlsv1.2']}.



The client has no particular configuration.



Forcing the client to use TLS 1.2 "fixes" the problem. Tests that do not
use sni_hosts but are otherwise configured the same do not have this issue.



This is the relevant test triggering this issue:

https://github.com/ninenines/ranch/blob/master/test/acceptor_SUITE.erl#L596



If this is an actual bug and not my misunderstanding I can open a ticket.



Note that we've restricted the server to TLS 1.2 to fix other issues that I
do not believe to be bugs in ssl. I haven't investigated it but since it
gets us insufficient security errors and that the self-generated
certificates use insecure algorithms I'm guessing it's probably the issue.
We will switch from erl_make_certs to the more modern approach of
generating certificates for tests in a future release.



Cheers,



On 25/03/2020 15:24, Kenneth Lundin wrote:

>

>     OTP 23 Release Candidate 2

>

> This is the second of three planned release candidates before the OTP

> 23 release.

> The intention with this release is to get feedback from our users. All

> feedback is welcome, even if it is only to say that it works for you.

>

> Erlang/OTP 23 is a new major release with new features, improvements

> as well as a few incompatibilities.

>

>

>       Potential Incompatibilities

>

>   * SSL:

>       o Support for SSL 3.0 is completely removed.

>       o TLS 1.3 is added to the list of default supported versions.

>   * |erl_interface|: Removed the deprecated parts of |erl_interface|

>     (|erl_interface.h| and essentially all C functions with prefix
|erl_|).

>   * The deprecated |erlang:get_stacktrace/0| BIF now returns an empty

>     list instead of a stacktrace.

>     |erlang:get_stacktrace/0| is scheduled for removal in OTP 24.

>   * ...

>

>

>       Highlights (rc2)

>

>   * ssh:

>       o OpenSSH 6.5 introduced a new file representation of

>         keys called |openssh-key-v1|. This is now supported with the

>         exception of

>         handling encrypted keys.

>       o Algorithm configuration could now be done in a .config file.

>         This is useful for example to enable an algorithm that

>         is disabled by default without need to change the code.

>   * ssl:

>       o Support for the middlebox compatibility mode makes the TLS 1.3

>         handshake

>         look more like a TLS 1.2 handshake and increases the chance of

>         successfully

>         establishing TLS 1.3 connections through legacy middleboxes.

>       o Add support for key exchange with Edward curves and PSS-RSA

>         padding in

>         signature verification

>   * The possibility to run Erlang distribution without

>     relying on EPMD has been extended. To achieve this a

>     couple of new options to the inet distribution has been

>     added.

>       o |-dist_listen false| Setup the distribution

>         channel, but do not listen for incoming connection.

>       o |-erl_epmd_port Port| Configure a default port that

>         the built-in EPMD client should return.

>       o ...

>   * A first EXPERIMENTAL |socket| backend to

>     |gen_tcp| and |inet| has been implemented. |gen_udp| and

>     |gen_sctp| will follow.

>     Putting |{inet_backend, socket}| as first option to |listen()| or

>     |connect()| makes it easy to try this for

>     existing code

>

>

>       Highlights (rc1)

>

>   * A new module |erpc| in kernel which implements an enhanced subset of

>     the operations provided by the |rpc| module. Enhanced in the sense

>     that it makes it possible to distinguish between returned value,

>     raised exceptions and other errors. |erpc| also has better

>     performance and scalability than the original |rpc| implementation.

>     This by utilizing the newly introduced |spawn_request()| BIF. Also

>     the |rpc| module benefits from these improvements by utilizing

>     |erpc| when possible.

>   * Scalability and performance Improvements plus new functionality

>     regarding distributed spawn operations.

>   * In binary matching, the size of the segment to be matched is now

>     allowed to be a guard expression (EEP-52)

>   * When matching with maps the keys can now be guard expressions
(EEP-52).

>   * ssh: support for TCP/IP port forwarding, a.k.a tunneling a.k.a as

>     tcp-forward/direct-tcp is implemented. In the OpenSSH client, this

>     corresponds to the options -L and -R.

>   * Allow underscores in numeric literals to improve readability.

>     Examples: |123_456_789|, |16#1234_ABCD|.

>   * New functions in the shell for displaying documentation for Erlang

>     modules, functions and types. The

>     functions are:

>       o |h/1,2,3| -- Print the documentation for a
|Module:Function/Arity|.

>       o |ht/1,2,3| -- Print the type documentation for a

>         |Module:Type/Arity|.

>         The embedded documentation is created as docchunks (EEP 48) when

>         building the Erlang/OTP documentation.

>   * kernel: The module |pg| with a new implementation of distributed

>     named process groups is introduced. The old module |pg2| is

>     deprecated and scheduled for removal in OTP 24.

>   * Our tool chain for building the Windows packages is upgraded with

>     new C++ compiler, Java compiler, OpenSSL libraries and wxWidgets

>     versions. We are now using WSL (the Linux Subsystem for Windows when

>     building) which makes it easier to handle the build environment.

>   * ...

>

> For more details see

> http://erlang.org/download/otp_src_23.0-rc2.readme

>

> Pre built versions for Windows can be fetched here:

> http://erlang.org/download/otp_win32_23.0-rc2.exe

> http://erlang.org/download/otp_win64_23.0-rc2.exe

>

> Online documentation can be browsed here:

> http://erlang.org/documentation/doc-11.0-rc2/doc

> The Erlang/OTP source can also be found at GitHub on the official

> Erlang repository, https://github.com/erlang/otp

>



--

Loïc Hoguin

https://ninenines.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20200326/0056dfbf/attachment-0001.htm>

More information about the erlang-questions mailing list