Connection close with TLSv1.3 after updating to Elixir 1.16 and OTP 26

Hello,

We are experiencing an issue related to SSL and receiving a connection closed when using TLSv1.3. We are upgrading our application from Erlang 24.3.4.8 with Elixir 1.14.3 to Erlang 26.2.2 with Elixir 1.16.1. On our older version the service responds fine. When using TLSv1.2 on the newer upgrade, that is also fine. It only seems to be a problem with TLSv1.3.

We are using the below, which shows the connection close response. We receive this for every request to the service. Other services which also use certificates are fine. This particular service was fine with connecting to it before the upgrade. It is also fine with TLSv1.2 with our upgrade.

{:ok, p} =
  Finch.start_link(
    name: MyFinch,
    pools: %{
      default: [
        conn_opts: [
          transport_opts: [
            {:verify, :verify_peer},
            {:cacertfile, "/path/to/ca.crt"},
            {:certfile, "/path/to/cert.crt"},
            {:keyfile, "/path/to/key.key"},
            {:keep_secrets, true},
            {:versions, [:"tlsv1.3"]},
            {:log_level, :debug}
          ],
          ssl_key_log_file: "/var/log/ssl.log"
        ]
      ]
    }
  )

Finch.build(:get, "https://some-service.com", [], nil) |> Finch.request(MyFinch)
{:error, %Mint.TransportError{reason: :closed}}

When enabling low-level logs, we can see a second handshake which has an empty certificate list.

>>> Handshake, Certificate
[{certificate_request_context,<<>>},{certificate_list,[]}]

We had a handshake before this which had certificates. The older version has certificates for both of the handshakes.

<<< Handshake, Certificate
[{certificate_request_context,<<>>},
  {certificate_list,
    [{certificate_entry,
      <<...

We have spent a lot of time considering the service and certificates, but we do not have any feedback that this is the problem. It was also fine before our upgrade using TLSv1.3, so it is very puzzling for us. Any help on how we can debug or solve this is much appreciated.


It turns out to be an issue in >=Erlang/OTP-25. Here is the issue GH-8356. There is a fix for it, but it has not been released yet.

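An added example, not code from the thread or from the Finch/OTP projects: one way to check whether the failure comes from OTP's `:ssl` itself rather than from Finch or Mint is to run the same client-certificate options through `:ssl.connect/4` once per protocol version. In TLS 1.3 the client's Certificate goes out in its final handshake flight, so `connect` can return `{:ok, socket}` and the server's rejection only appears on the first read; the probe therefore sends a request and reads before reporting. The module name `TlsProbe`, the host, the port and the file paths are placeholders.

```elixir
defmodule TlsProbe do
  # Placeholders: substitute the real service and the files used in transport_opts.
  @host ~c"some-service.com"
  @port 443
  @timeout 5_000

  # Same trust and client-certificate settings as the Finch pool in the post.
  defp base_opts do
    [
      verify: :verify_peer,
      cacertfile: ~c"/path/to/ca.crt",
      certfile: ~c"/path/to/cert.crt",
      keyfile: ~c"/path/to/key.key",
      server_name_indication: @host,
      # HTTPS-style hostname matching (wildcards), as an HTTP client would apply.
      customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)],
      active: false,
      mode: :binary
    ]
  end

  # Handshake with exactly one protocol version, then do one request/response.
  def probe(version) do
    case :ssl.connect(@host, @port, [{:versions, [version]} | base_opts()], @timeout) do
      {:ok, sock} ->
        result = exchange(sock)
        :ssl.close(sock)
        result

      {:error, reason} ->
        {:handshake_failed, reason}
    end
  end

  # A TLS 1.3 server that rejects the client certificate reports it only here.
  defp exchange(sock) do
    request = "GET / HTTP/1.1\r\nHost: #{@host}\r\nConnection: close\r\n\r\n"

    with :ok <- :ssl.send(sock, request),
         {:ok, data} <- :ssl.recv(sock, 0, @timeout) do
      {:ok, data |> String.split("\r\n", parts: 2) |> hd()}
    else
      {:error, reason} -> {:failed_after_handshake, reason}
    end
  end

  # Run both versions with identical options so only the protocol differs.
  def compare, do: for(v <- [:"tlsv1.2", :"tlsv1.3"], do: {v, probe(v)})
end
```

If `TlsProbe.compare()` returns an HTTP status line for `:"tlsv1.2"` and a failure for `:"tlsv1.3"` with the same certificate files, the HTTP client layer is ruled out and the result can be compared across OTP releases.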