Under a specific configuration of ssl we are getting the following system reports:
The server configuration is
where Opts has cert/key self-generated (using the old erl_make_certs) and also contains
The client has no particular configuration.
Forcing the client to use TLS 1.2 "fixes" the problem. Tests that do not use sni_hosts but are otherwise configured the same do not have this issue.
This is the relevant test triggering this issue: https://github.com/ninenines/ranch/blob/master/test/acceptor_SUITE.erl#L596
If this is an actual bug and not my misunderstanding I can open a ticket.
Note that we've restricted the server to TLS 1.2 to fix other issues that I do not believe to be bugs in ssl. I haven't investigated it but since it gets us insufficient security errors and that the self-generated certificates use insecure algorithms I'm guessing it's probably the issue. We will switch from erl_make_certs to the more modern approach of generating certificates for tests in a future release.