  1. Erlang/OTP
  2. ERL-1206

ssl sni_hosts malformed_handshake_data

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 23.0-RC2
    • Fix Version/s: 23.0
    • Component/s: ssl
    • Labels:
      None

      Description

      Under a specific configuration of ssl we are getting the following system reports:

      *** System report during acceptor_SUITE:ssl_sni_echo/1 in ssl 2020-03-25 18:27:00.926 ***
      =NOTICE REPORT==== 25-Mar-2020::18:27:00.926666 ===
      TLS server: In state hello at tls_handshake.erl:231 generated SERVER ALERT: Fatal - Handshake Failure
       - malformed_handshake_data
      
      *** System report during acceptor_SUITE:ssl_sni_echo/1 in ssl 2020-03-25 18:27:00.935 ***
      =NOTICE REPORT==== 25-Mar-2020::18:27:00.935747 ===
      TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure
      

      The server configuration is

      [{sni_hosts, [{"localhost", Opts}]}]
      

      where Opts has cert/key self-generated (using the old erl_make_certs) and also contains

      {versions, ['tlsv1.2']}
      

      The client has no particular configuration.

      Forcing the client to use TLS 1.2 "fixes" the problem. Tests that do not use sni_hosts but are otherwise configured the same do not have this issue.

      This is the relevant test triggering this issue: https://github.com/ninenines/ranch/blob/master/test/acceptor_SUITE.erl#L596

      If this is an actual bug and not my misunderstanding I can open a ticket.

      Note that we've restricted the server to TLS 1.2 to fix other issues that I do not believe to be bugs in ssl. I haven't investigated it, but since it gets us insufficient security errors and the self-generated certificates use insecure algorithms, I'm guessing it's probably the issue. We will switch from erl_make_certs to the more modern approach of generating certificates for tests in a future release.
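
The configuration described in the report, as an added example that is not part of the original ticket or of the ranch test suite: a listener whose certificate, key and `versions` live only under `sni_hosts`, tried once with a default client and once with a client forced to TLS 1.2. The module and function names are hypothetical, and the certificates come from `public_key:pkix_test_data/1` rather than erl_make_certs, which is an assumption.

```erlang
-module(sni_versions_repro).   % hypothetical module name
-export([run/0]).

run() ->
    {ok, _} = application:ensure_all_started(ssl),
    %% Assumption: throwaway certs from public_key:pkix_test_data/1,
    %% not the erl_make_certs material the report used.
    Chain = #{root => [], peer => []},
    #{server_config := CertOpts} =
        public_key:pkix_test_data(#{server_chain => Chain,
                                    client_chain => Chain}),
    %% Server side as described: cert, key and versions only under sni_hosts.
    Opts = [{versions, ['tlsv1.2']} | CertOpts],
    {ok, LSock} = ssl:listen(0, [{sni_hosts, [{"localhost", Opts}]},
                                 {active, false}]),
    {ok, {_Addr, Port}} = ssl:sockname(LSock),
    Results = [{default_client, attempt(LSock, Port, [])},
               {tls12_client, attempt(LSock, Port, [{versions, ['tlsv1.2']}])}],
    ok = ssl:close(LSock),
    Results.

%% Runs one handshake and returns {ClientResult, ServerResult}.
attempt(LSock, Port, Extra) ->
    Parent = self(),
    Ref = make_ref(),
    Acceptor = spawn_link(fun() ->
        {ok, TSock} = ssl:transport_accept(LSock, 5000),
        Parent ! {Ref, outcome(ssl:handshake(TSock, 5000))},
        %% Keep the accepted socket open until the client side is done.
        receive stop -> ok after 5000 -> ok end
    end),
    %% Connecting by hostname makes the client send "localhost" as SNI.
    ClientOpts = [{verify, verify_none}, {active, false} | Extra],
    Client = ssl:connect("localhost", Port, ClientOpts, 5000),
    Server = receive {Ref, R} -> R after 10000 -> timeout end,
    case Client of {ok, CSock} -> ssl:close(CSock); _ -> ok end,
    Acceptor ! stop,
    {outcome(Client), Server}.

outcome({ok, _}) -> ok;
outcome({error, Reason}) -> {error, Reason}.
```

Going by the report, on 23.0-RC2 the `default_client` attempt is the one that ends in the handshake failure alert, while the `tls12_client` attempt connects.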

            People

            Assignee:
            peterdmv Péter Dimitrov
            Reporter:
            essen essen