It seems like some sites are requiring the signature_algorithm extension. The TLS RFC says:
7.4.1.4.1. Signature Algorithms
[...]
Note: this extension is not meaningful for TLS versions prior to 1.2.
Clients MUST NOT offer it if they are offering prior versions.
If you make sure no prior versions are offered it will work:
ssl:connect("login.live.com", 443, [{versions, ['tlsv1.2']}]).
Due to another bug this happened to work without the last argument before :-/
ssl clients that have TLS-1.2 as desired version number will now always send the
hello message on TLS-1.2 format in compliance to
From RFC 5246
Appendix E. Backward Compatibility
E.1. Compatibility with TLS 1.0/1.1 and SSL 3.0
[...]
A TLS 1.2 client who wishes to negotiate with such older servers will
send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in
ClientHello.client_version. If the server does not support this
version, it will respond with a ServerHello containing an older
version number. If the client agrees to use this version, the
negotiation will proceed as appropriate for the negotiated protocol.
Original reporter: olgeni
Affected version: OTP-19.0.2
Fixed in version: OTP-20.0
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-206
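To confirm on the wire what a client sends, the following added example (not code from this issue or from OTP, and written in Python rather than Erlang) parses a captured ClientHello record and compares `client_version` and the presence of the signature_algorithms extension with the RFC 5246 text quoted above. The function names are assumptions, and `sample_hello` builds constructed input in place of a real capture.

```python
import struct

SIGNATURE_ALGORITHMS = 13   # extension type, RFC 5246 section 7.4.1.4.1
TLS_1_2 = (3, 3)            # ClientHello.client_version for TLS 1.2


def parse_client_hello(record: bytes) -> dict:
    """Extract client_version and extension types from one unfragmented record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if len(body) != body_len or body_len < 34:
        raise ValueError("truncated ClientHello")
    try:
        pos = 2 + 32                                         # client_version, random
        pos += 1 + body[pos]                                 # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
    except IndexError:
        raise ValueError("malformed ClientHello") from None
    ext_types = []
    if pos < len(body):                                      # extensions are optional
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(body)):
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            ext_types.append(ext_type)
            pos += 4 + ext_len
    return {"client_version": tuple(body[:2]), "extensions": ext_types}


def check(hello: dict) -> str:
    """Compare a parsed hello with the note quoted from section 7.4.1.4.1."""
    has_sigalgs = SIGNATURE_ALGORITHMS in hello["extensions"]
    if hello["client_version"] < TLS_1_2:
        return "violation: extension offered below TLS 1.2" if has_sigalgs else "ok"
    return "ok" if has_sigalgs else "no signature_algorithms: some servers refuse this"


def sample_hello(version: tuple, extensions: list) -> bytes:
    """Constructed test input: a minimal ClientHello record, not a real capture."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = bytes(version) + bytes(32) + b"\x00"              # version, random, empty session_id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"                # one cipher suite, null compression
    body += struct.pack("!H", len(exts)) + exts if extensions else b""
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The parser expects the whole ClientHello in a single TLS record; a hello fragmented across records is rejected as truncated.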