Hello Marc,
Sorry, I wasn't clear, this error is from my *local development machine*,
I'm using:
Kubuntu 20.04
OpenSSL 1.1.1f 31 Mar 2020
Chrome 81.0.4044.138
Erlang 22.3
Zotonic 0.57.0
Is there a place within Zotonic or Erlang to enable these ciphers? I saw in
the Zotonic documentation for version 1.0 that it's possible to implement a
function to add SSL options
<http://docs.zotonic.com/en/latest/ref/configuration/port-ssl-configuration.html#adding-your-own-ssl-options-or-certificates>,
but I don't know if it's supported on 0.x and if it's the correct way to
handle this.
I sending as an attachment the versions and cipher suites of both erlang
20.3 (the one I'm using with zotonic 0.56.0) and 22.3.
I appreciate it if you can give a look at it (no hurry, hehe).
Cheers!
--
Álvaro Gianni Pagliari
alvaropag [at] gmail [dot] com
Em ter., 12 de mai. de 2020 às 15:13, 'Marc Worrell' via Zotonic developers
<zotonic-developers@googlegroups.com> escreveu:
> A quick search gave me this:
>
> https://bugs.erlang.org/plugins/servlet/mobile#issue/ERL-826
>
> Is your server up to date with the ciphers?
>
> Tomorrow I can check my local install against OTP-22.
>
> Cheers, Marc
>
>
>
> Sent from my iPhone
>
> On 12 May 2020, at 19:35, Alvaro Pagliari <alvaro...@gmail.com> wrote:
>
>
> Hello,
>
> I just updated my local zotonic installation to 0.57.0 with erlang 22.3.
> It starts normally, but when I try to access one of the sites this error
> pops up:
>
>
> *TLS server: In state start at tls_handshake_1_3.erl:1932 generated SERVER
> ALERT: Fatal - Insufficient Security - no_suitable_cipher*
>
> I removed my certs and let zotonic recreate them, also tried to remove and
> create a new dh-params.pem but with no luck.
>
> Do I need to enable a new module? Maybe some configuration changed?
>
> Any help is appreciated, thanks!
>
> --
> Álvaro Pagliari
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "Zotonic developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to zotonic-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/zotonic-developers/6e086be6-7392-4c53-b473-47a2734f6d1e%40googlegroups.com
> <https://groups.google.com/d/msgid/zotonic-developers/6e086be6-7392-4c53-b473-47a2734f6d1e%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "Zotonic developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to zotonic-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/zotonic-developers/8FAC43F8-CDC1-4002-B9D9-A1AE8E93A0A6%40mac.com
> <https://groups.google.com/d/msgid/zotonic-developers/8FAC43F8-CDC1-4002-B9D9-A1AE8E93A0A6%40mac.com?utm_medium=email&utm_source=footer>
> .
>
--
---
You received this message because you are subscribed to the Google Groups
"Zotonic developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to zotonic-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/zotonic-developers/CAOuQNV1VRBrbo-UxDonPv1TO2cuj3iitCpjjmLFsj3KV8K7SLg%40mail.gmail.com.
erlang 20.3
> ssl:versions().
[{ssl_app,"8.2.4"},
{supported,['tlsv1.2','tlsv1.1',tlsv1]},
{available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
> io:format("~p~n", [ssl:cipher_suites()]).
[{ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
{ecdhe_rsa,aes_256_cbc,sha384,sha384},
{ecdh_ecdsa,aes_256_cbc,sha384,sha384},
{ecdh_rsa,aes_256_cbc,sha384,sha384},
{dhe_rsa,aes_256_cbc,sha256},
{dhe_dss,aes_256_cbc,sha256},
{rsa,aes_256_cbc,sha256},
{ecdhe_ecdsa,aes_128_cbc,sha256,sha256},
{ecdhe_rsa,aes_128_cbc,sha256,sha256},
{ecdh_ecdsa,aes_128_cbc,sha256,sha256},
{ecdh_rsa,aes_128_cbc,sha256,sha256},
{dhe_rsa,aes_128_cbc,sha256},
{dhe_dss,aes_128_cbc,sha256},
{rsa,aes_128_cbc,sha256},
{ecdhe_ecdsa,aes_256_cbc,sha},
{ecdhe_rsa,aes_256_cbc,sha},
{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{ecdh_ecdsa,aes_256_cbc,sha},
{ecdh_rsa,aes_256_cbc,sha},
{rsa,aes_256_cbc,sha},
{ecdhe_ecdsa,aes_128_cbc,sha},
{ecdhe_rsa,aes_128_cbc,sha},
{dhe_rsa,aes_128_cbc,sha},
{dhe_dss,aes_128_cbc,sha},
{ecdh_ecdsa,aes_128_cbc,sha},
{ecdh_rsa,aes_128_cbc,sha},
{rsa,aes_128_cbc,sha},
{ecdhe_ecdsa,'3des_ede_cbc',sha},
{ecdhe_rsa,'3des_ede_cbc',sha},
{dhe_rsa,'3des_ede_cbc',sha},
{dhe_dss,'3des_ede_cbc',sha},
{ecdh_ecdsa,'3des_ede_cbc',sha},
{ecdh_rsa,'3des_ede_cbc',sha},
{rsa,'3des_ede_cbc',sha}]
erlang 22.3
> ssl:versions().
[{ssl_app,"9.2"},
{supported,['tlsv1.2']},
{supported_dtls,['dtlsv1.2']},
{available,['tlsv1.3','tlsv1.2','tlsv1.1',tlsv1,sslv3]},
{available_dtls,['dtlsv1.2',dtlsv1]}]
> io:format("~p~n", [ssl:cipher_suites()]).
[{ecdhe_ecdsa,aes_256_gcm,aead,sha384},
{ecdhe_rsa,aes_256_gcm,aead,sha384},
{ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
{ecdhe_rsa,aes_256_cbc,sha384,sha384},
{ecdh_ecdsa,aes_256_gcm,aead,sha384},
{ecdh_rsa,aes_256_gcm,aead,sha384},
{ecdh_ecdsa,aes_256_cbc,sha384,sha384},
{ecdh_rsa,aes_256_cbc,sha384,sha384},
{dhe_rsa,aes_256_gcm,aead,sha384},
{dhe_dss,aes_256_gcm,aead,sha384},
{dhe_rsa,aes_256_cbc,sha256},
{dhe_dss,aes_256_cbc,sha256},
{ecdhe_ecdsa,aes_128_gcm,aead,sha256},
{ecdhe_rsa,aes_128_gcm,aead,sha256},
{ecdhe_ecdsa,aes_128_cbc,sha256,sha256},
{ecdhe_rsa,aes_128_cbc,sha256,sha256},
{ecdh_ecdsa,aes_128_gcm,aead,sha256},
{ecdh_rsa,aes_128_gcm,aead,sha256},
{ecdh_ecdsa,aes_128_cbc,sha256,sha256},
{ecdh_rsa,aes_128_cbc,sha256,sha256},
{dhe_rsa,aes_128_gcm,aead,sha256},
{dhe_dss,aes_128_gcm,aead,sha256},
{dhe_rsa,aes_128_cbc,sha256},
{dhe_dss,aes_128_cbc,sha256},
{ecdhe_ecdsa,aes_256_cbc,sha},
{ecdhe_rsa,aes_256_cbc,sha},
{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{ecdh_ecdsa,aes_256_cbc,sha},
{ecdh_rsa,aes_256_cbc,sha},
{ecdhe_ecdsa,aes_128_cbc,sha},
{ecdhe_rsa,aes_128_cbc,sha},
{dhe_rsa,aes_128_cbc,sha},
{dhe_dss,aes_128_cbc,sha},
{ecdh_ecdsa,aes_128_cbc,sha},
{ecdh_rsa,aes_128_cbc,sha}]
