CertificateVerify error with Erlang 24.2.1 when using TLS1.3 and ECC certificates

Hi All,

We are using Erlang 24.2.1 (with Rabbitmq 3.9.13) and when we try to use TLSv1.3 with ECC certificates (secp256r1/secp381r1 curves) the erlang throws the error - tls_handshake_1_3.erl:2082 “CertificateVerify uses unsupported signature algorithm”.

But it works well with TLSv1.3 with RSA certificates without any issue.

Has anyone else faced this issue with TLS1.3 and ECC certificates?

Ingela, Kenneth suggested me to check the erlang logs in debug mode, But i am unable to see the Erlang log file on the system. This link (Erlang -- logger) says we should configure the log file path in [sys.config] - $ROOT/releases but i do not find this file to set the log file path. Can someone help me in configuring the log file path and provide me the steps to achieve this?

Maybe this link can help in redirecting logs to file:
Erlang -- Logging ?

1 Like

Hi Kuba,

I executed the erlang commands shared by you to enable info logs into info.log (4>Config = #{config => #{file => “./info.log”}, level => info}. 5> logger:add_handler(myhandler, logger_std_h, Config).) But the info.log is empty. Client is still failing to use TLSv1.3 with ECC Certificate and the info.log file is empty and erlang is not writing anything to this log file.

1 Like

@arun.arnim - this appears to be a bug (somewhere) that is triggered by using TLS 1.3, your ECC certs, and Java. I have provided reproduction steps and details here:

1 Like