ERL-206: Cannot establish SSL connection to login.live.com:443

[OTP-Maintainer]

Original reporter: olgeni
Affected version: OTP-19.0.2
Fixed in version: OTP-20.0
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-206

---

The ssl application seems to be unable to connect to login.live.com since approximately 18.3.3 (IIRC).

18.3 used to work:

Erlang/OTP 18 [erts-7.3] [source] [64-bit] [smp:4:4] [async-threads:10] [kernel-poll:false]

Eshell V7.3  (abort with ^G)
1> application:ensure_all_started(ssl).
{ok,[crypto,asn1,public_key,ssl]}
2> ssl:connect("login.live.com", 443, []).
{ok,{sslsocket,{gen_tcp,#Port<0.793>,tls_connection,
                        undefined},
               <0.51.0>}}

Latest patch releases do not.

On 18.3.4.3:

Erlang/OTP 18 [erts-7.3.1.1] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V7.3.1.1  (abort with ^G)
1> application:ensure_all_started(ssl).
{ok,[crypto,asn1,public_key,ssl]}
2> ssl:connect("login.live.com", 443, []).
{error,closed}

On 19.0.3:

Erlang/OTP 19 [erts-8.0.2] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V8.0.2  (abort with ^G)
1> application:ensure_all_started(ssl).
{ok,[crypto,asn1,public_key,ssl]}
2> ssl:connect("login.live.com", 443, []).
{error,closed}

For the curious, accessing login.live.com is required to send push notifications to Windows phones.

[OTP-Maintainer]

ingela said:

It seems like some sites are requiring the signature_algorithm extension. The TLS  rfc says

7.4.1.4.1.  Signature Algorithms
[...]

   Note: this extension is not meaningful for TLS versions prior to 1.2.
   Clients MUST NOT offer it if they are offering prior versions.

If you make sure no prior versions are offered it will work:

ssl:connect("login.live.com", 443, [{versions, ['tlsv1.2']}]).

Due to another bug this happend to work without the last argumet before :-/

[OTP-Maintainer]

ingela said:

Some new angels on this issue has discovered, that has changed my mind on how this can be handled and be according to the specs.

[OTP-Maintainer]

ingela said:

ssl clients that have TLS-1.2 as desired version number will now allways send the
hello message on TLS-1.2 forma in compliance to 

 From RFC 5246    
    Appendix E.  Backward Compatibility
    
    E.1.  Compatibility with TLS 1.0/1.1 and SSL 3.0
    
       [...]
    
       A TLS 1.2 client who wishes to negotiate with such older servers will
       send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in
       ClientHello.client_version.  If the server does not support this
       version, it will respond with a ServerHello containing an older
       version number.  If the client agrees to use this version, the
       negotiation will proceed as appropriate for the negotiated protocol.