[erlang-questions] Securing link between nodes
Sat Sep 9 21:25:00 CEST 2006
Jordan Wilberding <> wrote:
>> On 08/09/06, *Jordan Wilberding* <
>> <mailto:>> wrote:
>> I know this question has been asked before, but I have a few more
>> questions about it.
>> I am wanting to encrypt all communications between each node
>> transparently(that is to say, without the erlang code knowing anything
>> about it). It appears the best you can do now is use SSL for
>> authentication, but it still doesn't encrypt the actual messages.
>> I have never tried it, but if you configured erlang distribution over
>> SSL, all communication between the nodes should be encrypted. Not just
>Actually I did this method and it doesn't encrypt all information, as I
>am able to pick up the text of messages with tcpdump.
Well, you probably did something wrong (or the SSL stuff is broken - I
haven't tried it either) - SSL certainly offers transport encryption.
While it's possible to have it use a NULL cipher for the transport,
you'd really have to go out of your way to make that happen (e.g. I
don't believe this possibility is enabled in a default OpenSSL build).
Using SSL just for authentication in the context of distributed Erlang
would be pretty pointless, as the default authentication mechanism is
quite good (given a "good" cookie and safeguarding it as you would
e.g. a SSL private key) - the cookie is never sent on the wire.
More information about the erlang-questions