Uploaded image for project: 'Erlang/OTP'
  1. Erlang/OTP
  2. ERL-823

SSL cipher_suites too limited when compiling with OPENSSL_NO_EC=1



    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Not a Bug
    • Affects Version/s: 21.0, 21.1, 21.2
    • Fix Version/s: None
    • Component/s: crypto, ssl
    • Labels:


      Many companies, including my own, use Erlang/OTP built and running on a RedHat/CentOS/Fedora-based Linux system, such as Amazon Linux. These systems use a customized OpenSSL installation that eschews most elliptic curve ciphers due to patent concerns on the part of RedHat. This means that, in order to get a reliable working Erlang installation on the platform, a developer's only option (outside of baking one's own OpenSSL a generally discouraged practice for enterprise systems) is to compile Erlang/OTP with

      export CFLAGS="-O2 -g -DOPENSSL_NO_EC=1"

      I and others have reported a lot more about this issue under the Erlang/OTP building utility kerl: See kerl/kerl#212 and kerl/kerl#279.

      Now, using OPENSSL_NO_EC=1 has worked fine for all Erlang/OTP releases through Erlang/OTP 20.3 (with the exception of 20.0-20.2, which had a compilation bug). Unfortunately, as of Erlang/OTP 21.0, the available cipher_suites when building OTP in this way is so pared down that you really can't use SSL at all.

      In OTP 20.3 built with OPENSSL_NO_EC=1, this was the available list of ciphers in the ssl module:

      Erlang/OTP 20 [erts-] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]
      Eshell V9.3.3.3  (abort with ^G)
      1> ssl:cipher_suites().

      In Erlang/OTP 21 built with OPENSSL_NO_EC=1, this is the list:

      Erlang/OTP 21 [erts-10.2.1] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:1] [hipe]
      Eshell V10.2.1  (abort with ^G)
      1> ssl:cipher_suites().

      The cipher suites have been cut from 21 to 12, and as a result, clients can't even negotiate an SSL connection to google.com:

      =INFO REPORT==== 3-Jan-2019::09:12:44.709649 ===
      TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure
                              {inet,[inet],{tls_alert,"handshake failure"}}]}}

      Not to mention many other important HTTPS servers, like most of AWS's internal services (S3, DynamoDB, etc).

      It would be ideal if Erlang/OTP actually consulted the linked OpenSSL installation for available ciphers during compilation, since they can be consulted directly. However, barring that, perhaps it is possible to provide a compilation option that would allow RedHat/CentOS users to build an OTP with some, but not all, of the EC ciphers and the attendant SSL cipher suites.


          Issue Links



              ingela Ingela Anderton Andin
              nalundgaard Nicholas Lundgaard
              1 Vote for this issue
              4 Start watching this issue