[erlang-questions] Securing link between nodes
Per Hedeland
per@REDACTED
Sat Sep 9 21:25:00 CEST 2006
Jordan Wilberding <wilbjor@REDACTED> wrote:
>
>Chandru wrote:
>> On 08/09/06, Jordan Wilberding <wilbjor@REDACTED> wrote:
>>
>> Hello,
>>
>> I know this question has been asked before, but I have a few more
>> questions about it.
>>
>> I am wanting to encrypt all communications between each node
>> transparently (that is to say, without the erlang code knowing anything
>> about it). It appears the best you can do now is use SSL for
>> authentication, but it still doesn't encrypt the actual messages.
>>
>>
>> I have never tried it, but if you configured erlang distribution over
>> SSL, all communication between the nodes should be encrypted. Not just
>> authentication.
>>
>> See
>> http://www.erlang.org/doc/doc-5.5/lib/ssl-3.0.12/doc/html/ssl_distribution.html#5
>>
>> Chandru
>
>Actually I did this method and it doesn't encrypt all information, as I
>am able to pick up the text of messages with tcpdump.

Well, you probably did something wrong (or the SSL stuff is broken - I
haven't tried it either) - SSL certainly offers transport encryption.
While it's possible to have it use a NULL cipher for the transport,
you'd really have to go out of your way to make that happen (e.g. I
don't believe this possibility is enabled in a default OpenSSL build).

Using SSL just for authentication in the context of distributed Erlang
would be pretty pointless, as the default authentication mechanism is
quite good (given a "good" cookie and safeguarding it as you would
e.g. a SSL private key) - the cookie is never sent on the wire.

--Per Hedeland
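
Added example, not part of the original thread and not Erlang/OTP code: one way to check a capture like the tcpdump one discussed above is to parse the bytes sent by the accepting node as TLS records and read the cipher suite from ServerHello, which separates "no TLS at all" from "TLS with a NULL cipher". The function names and sample byte strings are constructed for illustration; it assumes the capture starts at the beginning of the connection and that ServerHello begins its own record.

```python
import struct

# Cipher suites that authenticate but do not encrypt (IANA TLS registry values).
NULL_SUITES = {0x0000, 0x0001, 0x0002, 0x003B}

def tls_records(stream):
    """Yield (content_type, payload) per TLS record; ValueError if framing is not TLS."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in (20, 21, 22, 23) or major != 3 or length > 2**14 + 2048:
            raise ValueError("no TLS record at offset %d" % pos)
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def server_cipher_suite(stream):
    """Return the suite chosen in ServerHello, or None if no ServerHello is seen."""
    for ctype, payload in tls_records(stream):
        if ctype == 22 and payload[:1] == b"\x02":  # handshake record, ServerHello
            # Skip 4-byte handshake header, 2-byte version, 32-byte random.
            sid_len = payload[38]
            return struct.unpack_from("!H", payload, 39 + sid_len)[0]
    return None

def classify(stream):
    """Classify the bytes sent by the accepting (server-side) node."""
    try:
        suite = server_cipher_suite(stream)
    except (ValueError, IndexError, struct.error):
        return "not-tls"
    if suite is None:
        return "tls-no-serverhello"
    return "tls-null-cipher" if suite in NULL_SUITES else "tls-encrypted"

# --- Constructed sample streams (not taken from any real capture) ---
def _record(ctype, payload):
    return struct.pack("!BBBH", ctype, 3, 1, len(payload)) + payload

def _server_hello(suite):
    body = bytes([3, 1]) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return b"\x02" + len(body).to_bytes(3, "big") + body

SAMPLE_ENCRYPTED = (_record(22, _server_hello(0x002F)) + _record(20, b"\x01")
                    + _record(23, bytes(range(48))))
SAMPLE_NULL = (_record(22, _server_hello(0x0002)) + _record(20, b"\x01")
               + _record(23, b"{hello,world}" + bytes(20)))
SAMPLE_PLAIN = b"\x00\x0d{hello,world}"
```

A `tls-null-cipher` result is the case where readable message text appears in the capture even though the connection is framed as SSL/TLS; `not-tls` means the distribution traffic is not going over SSL at all.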