benoitc/hackney

Default ciphers problem with tlsv1.3

Closed this issue · 4 comments

fidr commented

I'm trying erlang 23.0 and it's failing if tlsv1.3 is part of the ssl versions (which it is by default now).

Using :ssl.cipher_suites() fixes the problem:

:hackney.request(:get, "https://hex.pm/api/packages/phoenix", [], "", [])

14:20:05.172 [info]  TLS :client: In state :hello received SERVER ALERT: Fatal - Handshake Failure

{:error,
 {:tls_alert,
  {:handshake_failure,
   'TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure\n '}}}

:hackney.request(:get, "https://hex.pm/api/packages/phoenix", [], "", [ssl_options: [ciphers: :ssl.cipher_suites()]])

{:ok, 200,
 [
   {"cache-control", "public, max-age=60"},
   {"content-length", "14510"},
   {"content-type", "application/vnd.hex+json; charset=utf-8"},
   {"date", "Thu, 14 May 2020 12:20:27 GMT"},
   {"etag", "7609edadb5ff6e8ee807dfb161bb6114"},
   {"last-modified", "Wed, 29 Apr 2020 07:15:42 GMT"},
   {"server", "Cowboy"},
   {"strict-transport-security", "max-age=31536000"},
   {"vary", "accept, accept-encoding, accept-encoding"},
   {"x-ratelimit-limit", "100"},
   {"x-ratelimit-remaining", "99"},
   {"x-ratelimit-reset", "1589458860"},
   {"x-request-id", "Fg7kYf-rN8KfUX8AabMB"},
   {"Via", "1.1 google"},
   {"Alt-Svc", "clear"}
 ], #Reference<0.4037267404.386924552.237687>}
benoitc commented

Yes, there is a minor release landing today that fix i among other things.

  • 👍2
  • ❤️1
benoitc commented

fixed in master 3aa2c5f

nifoc commented

Any chance on getting a new release of the Hex package?

(I know I can just reference the commit/branch, but I would prefer a proper release)

benoitc commented
  • 👍2