[erlang-questions] YAWS with SSL Connections Problem

Tomas Abrahamsson tomas.abrahamsson@REDACTED
Tue Oct 20 22:02:30 CEST 2009


> [...] Instead, I've learned stuff that I really didn't want to know, such
> as how insecure Erlang SSL support is.

I guess in case you're going to handle sensitive data
in your system, you'd want to take this and many more
factors into consideration when doing a risk analysis.

If clear text communication between the erlang vm and
the ssl_esock over the loopback interface is an issue,
then I suppose you might also want to secure the erlang
inter-node communication, if you run a distributed
system, and maybe you would also want to take measures
against someone reading the memory image of the erlang
vm os-process, or against someone reading the swap.

> Considering that most of the fraud comes from within, e.g. people that may
> have an access to the machine how do I:
>
> 1) prevent someone from "snooping" the local loopback connection?
> 2) prevent someone from tracing ssl_esock process and see clear text sent
> and received via read and write system calls?

Aside from being restrictive in granting system
privileges, I'm afraid I don't know, but would of
course be interested in learning more in case there
happens to be a way.

> I've always assumed that SSL support is tightly coupled with linked-in
> driver, hence not exposing anything via clear text (well other than
> user-level function call).

From this point of view, the new ssl implementation
has an advantage over the old: it doesn't use any
ssl_esock, but handles the SSL protocol entirely within
the erlang vm, as far as I've understood.

Are there any users of the new ssl implementation, or
if not, what are the major show-stoppers?

I know Yaws says "%%{ssl_imp, new} - still doesn't work (R13B)"
in yaws_server.erl, and I know the ssl_new man page
gives the impression of it being a bit unpolished,
saying "[t]he alfa version has a few limitations ...
listed below", but what are the major show-stoppers? Is
it the lack of diffie-hellman key exchange, the lack of
CRL support (as listed) or something else?
Interoperability issues?


BRs
Tomas

