[erlang-questions] Does Erlang/OTP SSL app have heartbleed vulnerability?
Tue Apr 8 06:37:09 CEST 2014
Recently heartbleed bug was found in openssl: http://heartbleed.com/
As far as I know, OTP SSL and crypto apps use openssl, but some of SSL
handshake logic is rewritten in Erlang.
Grepping lib/ssl and lib/crypto sources for 'heartbeat' didn't give any
I have not found any tool to check a server for the vulnerability either.
So, should anyone using SSL in OTP immediately upgrade openssl to fix this
Danil Zagoskin |
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions