Hello Marc,
Sorry, I wasn't clear, this error is from my *local development machine*,
I'm using:
Kubuntu 20.04
OpenSSL 1.1.1f 31 Mar 2020
Chrome 81.0.4044.138
Erlang 22.3
Zotonic 0.57.0
Is there a place within Zotonic or Erlang to enable these ciphers? I saw in
the Zotonic documentation for version 1.0 that it's possible to implement a
function to add SSL options
<http://docs.zotonic.com/en/latest/ref/configuration/port-ssl-configuration.html#adding-your-own-ssl-options-or-certificates>,
but I don't know if it's supported on 0.x and if it's the correct way to
handle this.
I'm sending as an attachment the versions and cipher suites of both erlang
20.3 (the one I'm using with zotonic 0.56.0) and 22.3.
I'd appreciate it if you could take a look at it (no hurry, hehe).
Cheers!
--
Álvaro Gianni Pagliari
alvaropag [at] gmail [dot] com
On Tue, 12 May 2020 at 15:13, 'Marc Worrell' via Zotonic developers
<[email protected]> wrote:
> A quick search gave me this:
>
> https://bugs.erlang.org/plugins/servlet/mobile#issue/ERL-826
>
> Is your server up to date with the ciphers?
>
> Tomorrow I can check my local install against OTP-22.
>
> Cheers, Marc
>
> On 12 May 2020, at 19:35, Alvaro Pagliari <[email protected]> wrote:
>
>
> Hello,
>
> I just updated my local zotonic installation to 0.57.0 with erlang 22.3.
> It starts normally, but when I try to access one of the sites this error
> pops up:
>
>
> *TLS server: In state start at tls_handshake_1_3.erl:1932 generated SERVER
> ALERT: Fatal - Insufficient Security - no_suitable_cipher*
>
> I removed my certs and let zotonic recreate them, also tried to remove and
> create a new dh-params.pem but with no luck.
>
> Do I need to enable a new module? Maybe some configuration changed?
>
> Any help is appreciated, thanks!
>
> --
> Álvaro Pagliari
erlang 20.3
> ssl:versions().
[{ssl_app,"8.2.4"},
{supported,['tlsv1.2','tlsv1.1',tlsv1]},
{available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
> io:format("~p~n", [ssl:cipher_suites()]).
[{ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
{ecdhe_rsa,aes_256_cbc,sha384,sha384},
{ecdh_ecdsa,aes_256_cbc,sha384,sha384},
{ecdh_rsa,aes_256_cbc,sha384,sha384},
{dhe_rsa,aes_256_cbc,sha256},
{dhe_dss,aes_256_cbc,sha256},
{rsa,aes_256_cbc,sha256},
{ecdhe_ecdsa,aes_128_cbc,sha256,sha256},
{ecdhe_rsa,aes_128_cbc,sha256,sha256},
{ecdh_ecdsa,aes_128_cbc,sha256,sha256},
{ecdh_rsa,aes_128_cbc,sha256,sha256},
{dhe_rsa,aes_128_cbc,sha256},
{dhe_dss,aes_128_cbc,sha256},
{rsa,aes_128_cbc,sha256},
{ecdhe_ecdsa,aes_256_cbc,sha},
{ecdhe_rsa,aes_256_cbc,sha},
{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{ecdh_ecdsa,aes_256_cbc,sha},
{ecdh_rsa,aes_256_cbc,sha},
{rsa,aes_256_cbc,sha},
{ecdhe_ecdsa,aes_128_cbc,sha},
{ecdhe_rsa,aes_128_cbc,sha},
{dhe_rsa,aes_128_cbc,sha},
{dhe_dss,aes_128_cbc,sha},
{ecdh_ecdsa,aes_128_cbc,sha},
{ecdh_rsa,aes_128_cbc,sha},
{rsa,aes_128_cbc,sha},
{ecdhe_ecdsa,'3des_ede_cbc',sha},
{ecdhe_rsa,'3des_ede_cbc',sha},
{dhe_rsa,'3des_ede_cbc',sha},
{dhe_dss,'3des_ede_cbc',sha},
{ecdh_ecdsa,'3des_ede_cbc',sha},
{ecdh_rsa,'3des_ede_cbc',sha},
{rsa,'3des_ede_cbc',sha}]
erlang 22.3
> ssl:versions().
[{ssl_app,"9.2"},
{supported,['tlsv1.2']},
{supported_dtls,['dtlsv1.2']},
{available,['tlsv1.3','tlsv1.2','tlsv1.1',tlsv1,sslv3]},
{available_dtls,['dtlsv1.2',dtlsv1]}]
> io:format("~p~n", [ssl:cipher_suites()]).
[{ecdhe_ecdsa,aes_256_gcm,aead,sha384},
{ecdhe_rsa,aes_256_gcm,aead,sha384},
{ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
{ecdhe_rsa,aes_256_cbc,sha384,sha384},
{ecdh_ecdsa,aes_256_gcm,aead,sha384},
{ecdh_rsa,aes_256_gcm,aead,sha384},
{ecdh_ecdsa,aes_256_cbc,sha384,sha384},
{ecdh_rsa,aes_256_cbc,sha384,sha384},
{dhe_rsa,aes_256_gcm,aead,sha384},
{dhe_dss,aes_256_gcm,aead,sha384},
{dhe_rsa,aes_256_cbc,sha256},
{dhe_dss,aes_256_cbc,sha256},
{ecdhe_ecdsa,aes_128_gcm,aead,sha256},
{ecdhe_rsa,aes_128_gcm,aead,sha256},
{ecdhe_ecdsa,aes_128_cbc,sha256,sha256},
{ecdhe_rsa,aes_128_cbc,sha256,sha256},
{ecdh_ecdsa,aes_128_gcm,aead,sha256},
{ecdh_rsa,aes_128_gcm,aead,sha256},
{ecdh_ecdsa,aes_128_cbc,sha256,sha256},
{ecdh_rsa,aes_128_cbc,sha256,sha256},
{dhe_rsa,aes_128_gcm,aead,sha256},
{dhe_dss,aes_128_gcm,aead,sha256},
{dhe_rsa,aes_128_cbc,sha256},
{dhe_dss,aes_128_cbc,sha256},
{ecdhe_ecdsa,aes_256_cbc,sha},
{ecdhe_rsa,aes_256_cbc,sha},
{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{ecdh_ecdsa,aes_256_cbc,sha},
{ecdh_rsa,aes_256_cbc,sha},
{ecdhe_ecdsa,aes_128_cbc,sha},
{ecdhe_rsa,aes_128_cbc,sha},
{dhe_rsa,aes_128_cbc,sha},
{dhe_dss,aes_128_cbc,sha},
{ecdh_ecdsa,aes_128_cbc,sha},
{ecdh_rsa,aes_128_cbc,sha}]