Closed ericmj closed 4 years ago
It seems like Erlang errors if it doesn't support a given TLS version instead of simply ignoring it. There are also doesn't seem to be a public function to check if a version is supposed. We want to exclude older TLS versions <1.2 and the only way to do that seems to be explicitly list all TLS versions we want to use. So I am not sure how to proceed here.
/cc @voltone
There is :ssl.versions/0
...
Filtering against :ssl.versions/0
but it seems we have failure on OTP 22.3 so I think we have to filter on Application.spec(:ssl, :vsn)
as well.
Yeah, I think that will be necessary, otherwise this would enable 1.3 also on 22.x versions that had experimental or buggy support. I would set a minimum requirement for ssl 9.6.2 or 10.0 for including TLS 1.3 in the defaults.
The failing tests were run on OTP 22.3, not 22.3.x, right? So that would be ssl 9.6, which I seem to remember did have some issues.
That doesn't work:
iex> {8, 0, 0} > {9, 0}
true
I remember being bitten by that too :)
Should work without List.to_tuple()
, and comparing to [9, 0]
...
With this it seems to work for me locally: https://github.com/elixir-mint/mint/commit/8408ab0441942675369afc4d12261ed978eaa42d
Did some more testing, and even ssl-9.6.2.2 (the latest one available on the 22.3 branch) has interop issues, so we need 10.x: https://github.com/voltone/mint/commit/42969a577b33c9303b6186daeca1625d4ebbf430
if ssl_version() <= [10, 0] do
That should be <
, not <=
As usual, thank you very much for you help @voltone! 💜
It seems to be working correctly in OTP 23 now so it should be safe to add.