benoitc / hackney

simple HTTP client in Erlang

Fixed ssl connection issue on OTP23 rc2 #619

Closed soranoba closed 4 years ago

soranoba commented 4 years ago

I'm not sure exactly when, but I've confirmed that sslv3 is disabled by default in OTP23 RC2.

1> ssl:versions().
[{ssl_app,"9.2"},
 {default_supported,['tlsv1.3','tlsv1.2']},
 {default_supported_dtls,['dtlsv1.2']},
 {available,['tlsv1.3','tlsv1.2','tlsv1.1',tlsv1]},
 {available_dtls,['dtlsv1.2',dtlsv1]},
 {crypto_support,['tlsv1.3','tlsv1.2','tlsv1.1',tlsv1]},
 {crypto_support_dtls,['dtlsv1.2',dtlsv1]}]

The ssl module will return an error if some are not supported by the default ssl_option specified by hackney.

1> application:ensure_all_started(hackney).
{ok,[unicode_util_compat,idna,mimerl,certifi,ssl_verify_fun,
     metrics,hackney]}
2> hackney:request(<<"https://google.com">>).              
{error,{options,{sslv3,{versions,['tlsv1.2','tlsv1.1',tlsv1,
                                  sslv3]}}}}

This PR will prevent this by using ssl:versions/0.

1> application:ensure_all_started(hackney).
{ok,[unicode_util_compat,idna,mimerl,certifi,ssl_verify_fun,
     metrics,hackney]}
2> hackney:request(<<"https://google.com">>).
2020-04-15T17:48:02.094798+09:00 notice: TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure
{error,{tls_alert,{handshake_failure,"TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure\n "}}}

I'm not sure why the handshake fails, but my server becomes able to respond now. I chose available because the other keys have been rewritten to different in this commit.

thanks.
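An added example, not hackney's code and not the code from this PR: one way to build the `{versions, ...}` option from `ssl:versions/0` so that a version the runtime has dropped (here `sslv3`) is never passed to the ssl module. The module and function names are hypothetical; the preferred list and the sample `ssl:versions()` data are copied from the description above.

```erlang
-module(tls_versions_example).
-export([client_versions/1, filter_versions/2, ssl_opts/1, demo/0]).

%% Version list copied from the error tuple in the PR description.
-define(PREFERRED, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]).

%% Key is a key of ssl:versions/0: `available` (the key the PR description
%% names) or `default_supported` (the runtime's own, narrower default).
client_versions(Key) when Key =:= available; Key =:= default_supported ->
    filter_versions(?PREFERRED, proplists:get_value(Key, ssl:versions(), [])).

%% Keep the preferred order, drop every version the runtime does not list.
filter_versions(Preferred, Supported) ->
    [V || V <- Preferred, lists:member(V, Supported)].

%% Option list fragment for ssl:connect/3,4. With no overlap, pass no
%% {versions, _} at all so that ssl falls back to its own defaults.
ssl_opts(Key) ->
    case client_versions(Key) of
        []       -> [];
        Versions -> [{versions, Versions}]
    end.

%% Runs the filter over the ssl:versions() output quoted in the PR description
%% (OTP 23 RC2), so the result does not depend on the local OTP release.
demo() ->
    Reported = [{default_supported, ['tlsv1.3', 'tlsv1.2']},
                {available, ['tlsv1.3', 'tlsv1.2', 'tlsv1.1', tlsv1]}],
    [{Key, filter_versions(?PREFERRED, proplists:get_value(Key, Reported))}
     || Key <- [available, default_supported]].
```

With the output quoted above, filtering against `available` still leaves `'tlsv1.1'` and `tlsv1` in the offered list, while filtering against `default_supported` leaves only `'tlsv1.2'`.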

soranoba commented 4 years ago

thx!!

stefanchrobot commented 4 years ago

Thanks for fixing the issue! Would you consider a patch release?

benoitc commented 4 years ago

this is in progress, it was too late to make one last night. I will make one today.
