Erlang/OTP / ERL-968

TLS error "CLIENT ALERT: Fatal - Internal Error" when connecting to AWS Redis

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 22.0, 21.3
    • Fix Version/s: 21.3.8.5, 22.0.4
    • Component/s: None
    • Labels:
      None

      Description

      When connecting to Amazon ElastiCache Redis over TLS using OTP 21.3 and OTP 22, the TLS connection fails with:

      =INFO REPORT==== 6-Jun-2019::13:45:58.541253 ===
      TLS client: In state certify at ssl_handshake.erl:364 generated CLIENT ALERT: Fatal - Internal Error - {unexpected_error,{badmatch,{error,{asn1,{...}}}}}
      {error,{tls_alert,{internal_error,"received CLIENT ALERT: Fatal - Internal Error - {unexpected_error,{badmatch,{error,{asn1,{...}}}}}"}}}
      

      The connection succeeds with OTP 21.2. The OTP 21.3 release notes suggest that there were many changes to the SSL module, so maybe one of those makes this request fail. I tried many different options with ssl:socket with no luck. I couldn't figure out what the issue could possibly be from looking at the code.

      I have put the steps to reproduce the issue below:

      Success on OTP 21.2:

      user@host:/# erl
      Erlang/OTP 21 [erts-10.2.5] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]
      
      Eshell V10.2.5  (abort with ^G)
      1> application:ensure_all_started(ssl).
      {ok,[crypto,asn1,public_key,ssl]}
      2> {ok, Socket} = gen_tcp:connect("aws_redis_hostname", 6379,  [], infinity).
      {ok,#Port<0.7>}
      3> ssl:connect(Socket, [], infinity).
      {ok,{sslsocket,{gen_tcp,#Port<0.7>,tls_connection,undefined},
                     [<0.101.0>,<0.100.0>]}}
      

      Failure on OTP 21.3:

      user@host:/# erl
      Erlang/OTP 21 [erts-10.3] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]
      
      Eshell V10.3  (abort with ^G)
      1> application:ensure_all_started(ssl).
      {ok,[crypto,asn1,public_key,ssl]}
      2> {ok, Socket} = gen_tcp:connect("aws_redis_hostname", 6379,  [], infinity).
      {ok,#Port<0.7>}
      3> ssl:connect(Socket, [], infinity).
      =INFO REPORT==== 6-Jun-2019::13:45:58.541253 ===
      TLS client: In state certify at ssl_handshake.erl:364 generated CLIENT ALERT: Fatal - Internal Error - {unexpected_error,{badmatch,{error,{asn1,{...}}}}}
      {error,{tls_alert,{internal_error,"received CLIENT ALERT: Fatal - Internal Error - {unexpected_error,{badmatch,{error,{asn1,{...}}}}}"}}}
      

      If someone more knowledgeable about this SSL module could help, it would be fantastic. Thanks in advance!

            People

            Assignee:
            otp_team_ps Team PS
            Reporter:
            norman.vourlat@forti.io Norman Vourlat