elixir-mint / mint

Functional HTTP client for Elixir with support for HTTP/1 and HTTP/2 🌱
Apache License 2.0

Add TLS 1.3 to default versions #278

Closed ericmj closed 4 years ago

ericmj commented 4 years ago

It seems to be working correctly in OTP 23 now so it should be safe to add.

ericmj commented 4 years ago

It seems like Erlang errors if it doesn't support a given TLS version instead of simply ignoring it. There also doesn't seem to be a public function to check if a version is supported. We want to exclude older TLS versions <1.2 and the only way to do that seems to be to explicitly list all TLS versions we want to use. So I am not sure how to proceed here.

/cc @voltone

voltone commented 4 years ago

There is :ssl.versions/0...

ericmj commented 4 years ago

Filtering against :ssl.versions/0 but it seems we have a failure on OTP 22.3 so I think we have to filter on Application.spec(:ssl, :vsn) as well.

voltone commented 4 years ago

Yeah, I think that will be necessary, otherwise this would enable 1.3 also on 22.x versions that had experimental or buggy support. I would set a minimum requirement for ssl 9.6.2 or 10.0 for including TLS 1.3 in the defaults.

The failing tests were run on OTP 22.3, not 22.3.x, right? So that would be ssl 9.6, which I seem to remember did have some issues.

voltone commented 4 years ago

That doesn't work:

iex> {8, 0, 0} > {9, 0}
true

I remember being bitten by that too :)

Should work without List.to_tuple(), and comparing to [9, 0]...

voltone commented 4 years ago

With this it seems to work for me locally: https://github.com/elixir-mint/mint/commit/8408ab0441942675369afc4d12261ed978eaa42d

voltone commented 4 years ago

Did some more testing, and even ssl-9.6.2.2 (the latest one available on the 22.3 branch) has interop issues, so we need 10.x: https://github.com/voltone/mint/commit/42969a577b33c9303b6186daeca1625d4ebbf430

voltone commented 4 years ago

if ssl_version() <= [10, 0] do

That should be <, not <=

ericmj commented 4 years ago

As usual, thank you very much for your help @voltone! 💜
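
The approach the thread converges on, as an added example that is not part of the original discussion and not Mint's own code: keep an explicit allow-list of TLS versions, filter it against `:ssl.versions/0`, and include TLS 1.3 only when the `ssl` application is at least 10.0, comparing versions as lists rather than tuples. The module name `TLSDefaults`, its function names and the sample version strings are assumptions made for illustration.

```elixir
defmodule TLSDefaults do
  # Hypothetical helper module for illustration.

  # Explicit allow-list: anything older than TLS 1.2 is never offered.
  @wanted [:"tlsv1.3", :"tlsv1.2"]
  # Minimum ssl application version for enabling TLS 1.3 by default.
  @tls13_min_ssl [10, 0]

  # "9.6.2.2" -> [9, 6, 2, 2]. Assumes a purely numeric dotted version.
  def parse_vsn(vsn) do
    vsn |> to_string() |> String.split(".") |> Enum.map(&String.to_integer/1)
  end

  # Pure function so the gating logic can be checked for any ssl version.
  def default_versions(ssl_vsn, supported) do
    # Lists compare element by element, so [9, 6, 2, 2] < [10, 0].
    tls13_ok? = ssl_vsn >= @tls13_min_ssl
    for v <- @wanted, v in supported, v != :"tlsv1.3" or tls13_ok?, do: v
  end

  # Same logic, fed from the running system.
  def default_versions do
    # Load the app spec so Application.spec/2 does not return nil.
    Application.load(:ssl)
    ssl_vsn = parse_vsn(Application.spec(:ssl, :vsn))
    supported = Keyword.fetch!(:ssl.versions(), :supported)
    default_versions(ssl_vsn, supported)
  end
end

# Tuples are ordered by size before contents, which is why the tuple
# comparison quoted in the thread gives the wrong answer for versions.
IO.inspect({8, 0, 0} > {9, 0}, label: "tuple compare")
IO.inspect([8, 0, 0] > [9, 0], label: "list compare")

# Constructed sample input: ssl versions and a supported list that
# claims TLS 1.3, as an OTP 22.x runtime could.
supported = [:"tlsv1.3", :"tlsv1.2", :"tlsv1.1", :tlsv1]

for vsn <- ["9.6", "9.6.2.2", "10.0", "10.7.3"] do
  versions = TLSDefaults.default_versions(TLSDefaults.parse_vsn(vsn), supported)
  IO.inspect(versions, label: "ssl " <> vsn)
end

IO.inspect(TLSDefaults.default_versions(), label: "this runtime")
```

The resulting list is what would be passed as the `:versions` option to `:ssl.connect/3`, so a runtime that rejects unknown versions never sees one it does not support.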