  1. Erlang/OTP
  2. ERL-1225

ssl:connect can't automatically choose cypher

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Not a Bug
    • Affects Version/s: OTP 22.2
    • Fix Version/s: None
    • Component/s: ssl
    • Labels:
      None

      Description

      I'm trying to use ssl:connect on echo.websocket.org without success:

      Erlang/OTP 22 [erts-10.6.4] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [hipe]
      
      Eshell V10.6.4  (abort with ^G)
      application:ensure_all_started(ssl).
      {ok,[crypto,asn1,public_key,ssl]}
      ssl:connect("echo.websocket.org", 443, []).
      {error,closed}
      

      Using curl on the same host works:

      curl -v https://echo.websocket.org
      *   Trying 174.129.224.73:443...
      * Connected to echo.websocket.org (174.129.224.73) port 443 (#0)
      * ALPN, offering http/1.1
      * successfully set certificate verify locations:
      *   CAfile: /etc/ssl/certs/ca-certificates.crt
        CApath: /etc/ssl/certs
      * TLSv1.3 (OUT), TLS handshake, Client hello (1):
      * TLSv1.3 (IN), TLS handshake, Server hello (2):
      * TLSv1.2 (IN), TLS handshake, Certificate (11):
      * TLSv1.2 (IN), TLS handshake, Server finished (14):
      * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
      * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
      * TLSv1.2 (OUT), TLS handshake, Finished (20):
      * TLSv1.2 (IN), TLS handshake, Finished (20):
      * SSL connection using TLSv1.2 / AES128-SHA
      * ALPN, server did not agree to a protocol
      * Server certificate:
      *  subject: CN=websocket.org
      *  start date: Mar  5 18:02:55 2020 GMT
      *  expire date: Jun  3 18:02:55 2020 GMT
      *  subjectAltName: host "echo.websocket.org" matched cert's "*.websocket.org"
      *  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
      *  SSL certificate verify ok.
      > GET / HTTP/1.1
      > Host: echo.websocket.org
      > User-Agent: curl/7.69.1
      > Accept: */*
      >
      * Mark bundle as not supporting multiuse
      < HTTP/1.1 404 Not Found
      < Content-Type: text/html
      < Content-Length: 61
      <
      * Connection #0 to host echo.websocket.org left intact
      <html><head></head><body><h1>404 Not Found</h1></body></html>%
      

      After playing around for a while and using curl's output I was able to connect using this call:

      ssl:connect("echo.websocket.org", 443, [{ciphers, [ssl:str_to_suite("AES128-SHA")]}]).
      {ok,{sslsocket,{gen_tcp,#Port<0.7>,tls_connection,undefined},
                     [<0.113.0>,<0.112.0>]}}
      

      Shouldn't ssl:connect be able to automatically figure this out? Thanks!
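
      One way to check where the suite curl negotiated sits in OTP's cipher lists, and to connect with it appended to the defaults while still verifying the server certificate. This is an added example, not part of the original report or of OTP's own code; the module and function names are hypothetical, and the CA bundle path is the one shown in the curl output above.

```erlang
%% Added example (not from the original report). Module and function names
%% are hypothetical; the CA bundle path is taken from the curl output above.
-module(tls_suite_check).
-export([classify/2, connect_with_legacy/3]).

%% Classify an OpenSSL-style suite name (e.g. "AES128-SHA") for a TLS version:
%% offered by default, supported but opt-in only, or not supported at all.
classify(OpenSSLName, Version) ->
    case ssl:str_to_suite(OpenSSLName) of
        {error, _} = Error ->
            Error;
        Suite ->
            InDefault = lists:member(Suite, ssl:cipher_suites(default, Version)),
            InAll = lists:member(Suite, ssl:cipher_suites(all, Version)),
            case {InDefault, InAll} of
                {true, _}      -> {default, Suite};
                {false, true}  -> {opt_in, Suite};
                {false, false} -> {unsupported, Suite}
            end
    end.

%% Connect with the default suites plus one explicitly requested suite placed
%% last in preference order, so stronger suites win whenever the server
%% supports them. Peer verification is enabled, including wildcard hostname
%% matching as used by the certificate in the curl output.
connect_with_legacy(Host, Port, OpenSSLName) ->
    {ok, _} = application:ensure_all_started(ssl),
    Version = 'tlsv1.2',
    case classify(OpenSSLName, Version) of
        {error, _} = Error ->
            Error;
        {unsupported, _} = Unsupported ->
            {error, Unsupported};
        {_, Suite} ->
            Defaults = ssl:cipher_suites(default, Version),
            Suites = ssl:append_cipher_suites([Suite], Defaults),
            MatchFun = public_key:pkix_verify_hostname_match_fun(https),
            ssl:connect(Host, Port,
                        [{ciphers, Suites},
                         {verify, verify_peer},
                         {cacertfile, "/etc/ssl/certs/ca-certificates.crt"},
                         {customize_hostname_check, [{match_fun, MatchFun}]}],
                        10000)
    end.
```

      Calling `tls_suite_check:classify("AES128-SHA", 'tlsv1.2')` in the shell shows whether the suite is part of the default offer before any connection is attempted.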

            People

            Assignee:
            Unassigned
            Reporter:
            michelboaventura Michel Boaventura