Zotonic 0.57.0 - ssl Insufficient Security - no_suitable_cipher error

Alvaro Pagliari

May 12, 2020, 1:35:42 PM
to Zotonic developers
Hello,

I just updated my local zotonic installation to 0.57.0 with erlang 22.3. It starts normally, but when I try to access one of the sites this error pops up:

TLS server: In state start at tls_handshake_1_3.erl:1932 generated SERVER ALERT: Fatal - Insufficient Security
- no_suitable_cipher


I removed my certs and let zotonic recreate them, also tried to remove and create a new dh-params.pem but with no luck.

Do I need to enable a new module? Maybe some configuration changed?

Any help is appreciated, thanks!

--
Álvaro Pagliari

Marc Worrell

May 12, 2020, 2:13:23 PM
to zotonic-d...@googlegroups.com
A quick search gave me this:


Is your server up to date with the ciphers?

Tomorrow I can check my local install against OTP-22.

Cheers, Marc




Alvaro Pagliari

May 12, 2020, 2:47:21 PM
to zotonic-d...@googlegroups.com
Hello Marc,

Sorry, I wasn't clear, this error is from my local development machine, I'm using:
Kubuntu 20.04
OpenSSL 1.1.1f   31 Mar 2020
Chrome 81.0.4044.138
Erlang 22.3
Zotonic 0.57.0

Is there a place within Zotonic or Erlang to enable these ciphers? I saw in the Zotonic documentation for version 1.0 that it's possible to implement a function to add SSL options, but I don't know if it's supported on 0.x and if it's the correct way to handle this.

I am sending as an attachment the versions and cipher suites of both erlang 20.3 (the one I'm using with zotonic 0.56.0) and 22.3.

I appreciate it if you can give a look at it (no hurry, hehe).

Cheers!

--
Álvaro Gianni Pagliari
alvaropag [at] gmail [dot] com


erl_suites.txt

Marc Worrell

May 15, 2020, 11:39:39 AM
to 'Marc Worrell' via Zotonic developers
Hi Alvaro,

Could you try again with the now updated 0.x?

I was able to reproduce the issue and updated our mochiweb branch.

We still have a funky crash of lager at the start, but ignore that for now.

Cheers, Marc


Alvaro Pagliari

May 17, 2020, 2:52:54 PM
to zotonic-d...@googlegroups.com
Hello Marc,

Unfortunately it didn't work. I followed these steps in the zotonic directory:

git pull --all
git checkout 0.x
make clean
cd deps
rm -rf */
cd ..
make

The following error was shown:

==> erlware_commons (compile)
/home/alvaro/devel/zotonic_leal/deps/erlware_commons/src/ec_plists.erl:834: erlang:get_stacktrace/0: deprecated; use the new try/catch syntax for retrieving the stack backtrace
/home/alvaro/devel/zotonic_leal/deps/erlware_commons/src/ec_plists.erl:836: erlang:get_stacktrace/0: deprecated; use the new try/catch syntax for retrieving the stack backtrace
Compiling /home/alvaro/devel/zotonic_leal/deps/erlware_commons/src/ec_plists.erl failed:
ERROR: compile failed while processing /home/alvaro/devel/zotonic_leal/deps/erlware_commons: rebar_abort
make: *** [GNUmakefile:56: compile] Error 1

I'm trying with erlang 22.3 built through kerl.

Cheers,

--
Álvaro Gianni Pagliari
alvaropag [at] gmail [dot] com

Marc Worrell

May 18, 2020, 11:20:11 AM
to 'Marc Worrell' via Zotonic developers
Hi Alvaro,

That is strange.

I also did a clean build on OTP-22 without problems.
And our Travis-CI build on 22 also works.

I am also using OTP 22.3
(Quite recent build)

Which version of erlware_commons do you end up with?

I am at a8b46e077034938fd82f57876103270311e6835b

Maybe your rebar needs updating?

I have:

zotonic-0.x marc$ ./rebar --version
rebar 2.6.4 17 20160831_145136 git 2.6.4-dirty

Cheers,

Marc




Alvaro Pagliari

May 18, 2020, 8:54:23 PM
to zotonic-d...@googlegroups.com
Hello Marc,

Yep, now it works!! 

Maybe my git pull --all didn't work last time and I haven't noticed.

I do remember that erlware_commons was not downloading this version a8b46e077034938fd82f57876103270311e6835b because I tried to change it but with no luck.

My rebar version is the same as yours.

There are some compilation warnings. What is the policy for Erlang version versus Zotonic version?

Cheers,
 
--
Álvaro Gianni Pagliari
alvaropag [at] gmail [dot] com

Marc Worrell

May 19, 2020, 2:52:28 AM
to zotonic-d...@googlegroups.com
Great!

Will release the 0.57.1 today, was waiting on your test result.

We have a rule that we follow the last 3 OTP releases.

That is, there is some work to do for OTP-23, especially in some dependencies.

For the 0.x we are supporting 19+ due to production servers.
For the 1.x series (aka master) we are supporting 20+, and might change that to 21+.

At the moment I am not too concerned about the deprecation warnings.
We can fix those in due time.

Happy that you got everything up & running,

Cheers, Marc



Alvaro Pagliari

May 19, 2020, 8:40:49 AM
to zotonic-d...@googlegroups.com
Thanks Marc,

I appreciate all the help! :D

--
Álvaro Gianni Pagliari
alvaropag [at] gmail [dot] com
