[erlang-questions] Does Erlang/OTP SSL app have heartbleed vulnerability?

Danil Zagoskin <>
Tue Apr 8 06:37:09 CEST 2014


Hello!

Recently heartbleed bug was found in openssl: http://heartbleed.com/

As far as I know, OTP SSL and crypto apps use openssl, but some of SSL
handshake logic is rewritten in Erlang.

Grepping lib/ssl and lib/crypto sources for 'heartbeat' didn't give any
results.
I have not found any tool to check a server for the vulnerability either.

So, should anyone using SSL in OTP immediately upgrade openssl to fix this
bug?


-- 
Danil Zagoskin | 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140408/3084437c/attachment.html>


More information about the erlang-questions mailing list