sasa1977 / site_encrypt

Integrated certification via Let's encrypt for Elixir-powered sites
MIT License
470 stars 34 forks

:unacceptable_rsa_key TLS failure on local self-signed site #51

Closed ShahneRodgers closed 1 year ago

ShahneRodgers commented 1 year ago

Hi,

Thanks again for the library. I recently came across the following error when trying to connect to a Phoenix instance using the self-signed certificate:

[notice] TLS :server: In state :hello at ssl_handshake.erl:2109 generated SERVER ALERT: Fatal - Handshake Failure
 - :unacceptable_rsa_key

with the TLS connection failing on the client side. It seems to be related to Erlang's ssl module / TLS 1.3, since the easiest reproduction is :ssl.connect({127, 0, 0, 1}, 4001, [verify: :verify_none])

while :ssl.connect({127, 0, 0, 1}, 4001, [verify: :verify_none, versions: [:"tlsv1.2"]]) connects fine.

It seems to be related to the 1024-length RSA keys as changing them to default to 2048 (or to a different key type) fixes the problem. I haven't dug further to understand why browsers are connecting fine, so I'm not sure if this is a site_encrypt issue but figured I'd post it here in case anyone else comes across it and wants a quick fix.
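A small audit script for the property behind this failure, added here as an example that is not part of the issue or of site_encrypt's code. It assumes the openssl CLI is installed, takes the 2048-bit minimum from the thread, and the TLS-version probe assumes a server is already listening on the given host and port.

```shell
#!/bin/sh
# Added example (not site_encrypt code): report the RSA key size of a local
# self-signed cert and flag anything below the 2048-bit minimum. Assumes openssl.
set -eu

MIN_RSA_BITS=2048

# Print the RSA modulus length (in bits) of the certificate's public key.
rsa_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Exit 0 if the cert's key is at least MIN_RSA_BITS, 1 otherwise.
check_min_rsa() {
  bits=$(rsa_bits "$1")
  [ -n "$bits" ] && [ "$bits" -ge "$MIN_RSA_BITS" ]
}

# Probe a running endpoint with TLS 1.3 and then TLS 1.2 (the split the
# reporter observed) and print which versions complete the handshake.
probe_tls_versions() {
  host=$1; port=$2
  for v in tls1_3 tls1_2; do
    if openssl s_client -connect "$host:$port" "-$v" </dev/null >/dev/null 2>&1; then
      echo "$v: handshake ok"
    else
      echo "$v: handshake failed"
    fi
  done
}

# Constructed input: two throwaway self-signed certs, 1024-bit and 2048-bit.
make_demo_certs() {
  dir=$(mktemp -d)
  for bits in 1024 2048; do
    openssl req -x509 -newkey "rsa:$bits" -nodes -subj "/CN=localhost" -days 1 \
      -keyout "$dir/key$bits.pem" -out "$dir/cert$bits.pem" >/dev/null 2>&1
  done
  echo "$dir"
}

DEMO_DIR=$(make_demo_certs)
for c in "$DEMO_DIR"/cert1024.pem "$DEMO_DIR"/cert2048.pem; do
  if check_min_rsa "$c"; then
    echo "$c: $(rsa_bits "$c")-bit RSA, acceptable for a TLS 1.3 handshake"
  else
    echo "$c: $(rsa_bits "$c")-bit RSA, expect :unacceptable_rsa_key under TLS 1.3"
  fi
done
```

Run `probe_tls_versions 127.0.0.1 4001` against the Phoenix instance to see the TLS 1.3 versus TLS 1.2 split directly.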

sasa1977 commented 1 year ago

Thanks for reporting! So should we move to 2048 for local acme?

ShahneRodgers commented 1 year ago

Moving to 2048 seems easiest to me, so I've added a PR to do that. I'm not an expert in TLS though, so I'm not sure if it's the best solution or if switching key types might be better.