New SSL option to set TLS record version?

New SSL option to set TLS record version?

Ryan Stewart
I've run across a faulty SSL server implementation that appears to send a "handshake failure" alert if the ClientHello protocol version isn't equal to the TLS record version. In Erlang, different major versions choose the TLS record version differently. None of them are wrong according to the TLS spec, but some of them break when I'm trying to connect to these bad server implementations.

What do you think of adding a new ssl_option like "client_hello_tls_record_version" to let us explicitly set the version to be used? Ideally, it would support values like 'tlsv1', 'tlsv1_2', 'lowest', 'highest', and 'same_as_client_hello', for example.

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
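
An added example, not part of the original post or of Erlang/OTP: one way to confirm the mismatch described above is to read both version fields out of a captured ClientHello record. The function names and the sample bytes are constructed for illustration.

```python
import struct

VERSION_NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
                 (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def client_hello_versions(data: bytes):
    """Return (record_version, client_hello_version) as (major, minor) tuples."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    # Record header: content type (1), version (2), fragment length (2).
    content_type, rec_major, rec_minor, rec_len = struct.unpack("!BBBH", data[:5])
    if content_type != 22:
        raise ValueError("not a handshake record")
    fragment = data[5:5 + rec_len]
    # Need msg_type (1) + length (3) + client_version (2) at minimum.
    if rec_len < 6 or len(fragment) < rec_len:
        raise ValueError("truncated handshake fragment")
    if fragment[0] != 1:
        raise ValueError("not a ClientHello")
    return (rec_major, rec_minor), (fragment[4], fragment[5])

def describe(data: bytes):
    """Name both versions and flag the case the strict server rejects."""
    record, hello = client_hello_versions(data)
    name = lambda v: VERSION_NAMES.get(v, "%d.%d" % v)
    return {"record": name(record), "client_hello": name(hello),
            "mismatch": record != hello}

def sample_client_hello(record_version, hello_version):
    """Constructed sample: minimal ClientHello, one cipher suite, no extensions."""
    body = bytes(hello_version) + bytes(32)   # client_version + zeroed random
    body += b"\x00"                           # empty session_id
    body += b"\x00\x02\x00\x2f"               # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                       # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return (b"\x16" + bytes(record_version)
            + len(handshake).to_bytes(2, "big") + handshake)

if __name__ == "__main__":
    # Record layer says TLS 1.0 while the ClientHello offers TLS 1.2.
    print(describe(sample_client_hello((3, 1), (3, 3))))
    # Both fields agree, which is what the faulty server insists on.
    print(describe(sample_client_hello((3, 3), (3, 3))))
```
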
Re: New SSL option to set TLS record version?

Ingela Andin
Hi!

It would be thinkable to have such an option for interop reasons. PRs are welcome.

Regards Ingela
Erlang/OTP Team - Ericsson AB

2018-05-09 17:30 GMT+02:00 Ryan Stewart <[hidden email]>:
I've run across a faulty SSL server implementation that appears to send a "handshake failure" alert if the ClientHello protocol version isn't equal to the TLS record version. In Erlang, different major versions choose the TLS record version differently. None of them are wrong according to the TLS spec, but some of them break when I'm trying to connect to these bad server implementations.

What do you think of adding a new ssl_option like "client_hello_tls_record_version" to let us explicitly set the version to be used? Ideally, it would support values like 'tlsv1', 'tlsv1_2', 'lowest', 'highest', and 'same_as_client_hello', for example.
