You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
tldr; would you be open to a PR that adds :supported_groups to the list of @mint_tls_opts?
I ran into an issue yesterday while trying to configure SSL in Finch. I'm working with a client whose server is misconfigured and is rejecting any SSL handshake that contains :brainpoolP256r1tls13 in the supported_groups for key exchange. Erlang's :ssl module has an option for adjusting the supported_groups.
This fixes my first problem but introduces a second: Requests to http (not https) origins now fail with a badarg error.
It looks Finch maintains a list of SSL options that should be removed when making an http request. Because :supported_groups is missing from that list, it is passed as an option for http requests which causes the badarg error:
Hello!
tldr; would you be open to a PR that adds
:supported_groupsto the list of@mint_tls_opts?I ran into an issue yesterday while trying to configure SSL in Finch. I'm working with a client whose server is misconfigured and is rejecting any SSL handshake that contains
:brainpoolP256r1tls13in the supported_groups for key exchange. Erlang's :ssl module has an option for adjusting the supported_groups.I'm able to add that option to Finch like so:
This fixes my first problem but introduces a second: Requests to http (not https) origins now fail with a badarg error.
It looks Finch maintains a list of SSL options that should be removed when making an http request. Because
:supported_groupsis missing from that list, it is passed as an option for http requests which causes the badarg error:finch/lib/finch/pool_manager.ex
Lines 5 to 20 in c3b9411
The text was updated successfully, but these errors were encountered: