Hi!
We are experiencing some issues connecting from Erlang to a Heroku app (which at the end doesn’t matter, the issues is that we could not debug it at the time).
We are using:
- Erlang 22.3
- Elixir 1.10.2
-
:gun
library
However, as demonstrated on the examples below, this issue is also happening by calling Erlang :ssl
module directly.
To test the issue, I have deployed a base Phoenix app to Heroku, which can be found on: https://github.com/odarriba/phoenix-heroku-example
and can be accessed both in:
The issue we are having is that when we connect through the custom domain, it produces an Internal Error
on Erlang’s SSL module:
Accessing through the custom domain
iex(3)> :ssl.start()
:ok
iex(4)> sock = fn() -> {:ok, s} = :gen_tcp.connect('ssl-bug-example.oscardearriba.com', 443, []); s; end
#Function<21.126501267/0 in :erl_eval.expr/5>
iex(5)> :ssl.connect(sock.(), [])
16:37:54.462 [info] TLS :client: In state :hello received SERVER ALERT: Fatal - Internal Error
{:error,
{:tls_alert,
{:internal_error,
'TLS client: In state hello received SERVER ALERT: Fatal - Internal Error\n '}}}
Accessing through the herokuapp.com subdomain
iex(6)> sock = fn() -> {:ok, s} = :gen_tcp.connect('ssl-bug-example.herokuapp.com', 443, []); s; end
#Function<21.126501267/0 in :erl_eval.expr/5>
iex(7)> :ssl.connect(sock.(), [])
{:ok,
{:sslsocket, {:gen_tcp, #Port<0.8>, :tls_connection, :undefined},
[#PID<0.144.0>, #PID<0.143.0>]}}
Both tests are with Erlang 22.3 compiled on OS-X, but we are seeing the same issue in Linux.
To debug it, we tried to see the TLS protocol version and the cipher used on both endpoints - and both are the same.
Any idea what can be happening here?