[erlang-questions] Does Erlang/OTP SSL app have heartbleed vulnerability?
Danil Zagoskin
z@REDACTED
Tue Apr 8 06:37:09 CEST 2014
Hello!
Recently heartbleed bug was found in openssl: http://heartbleed.com/
As far as I know, OTP SSL and crypto apps use openssl, but some of SSL
handshake logic is rewritten in Erlang.
Grepping lib/ssl and lib/crypto sources for 'heartbeat' didn't give any
results.
I have not found any tool to check a server for the vulnerability either.
So, should anyone using SSL in OTP immediately upgrade openssl to fix this
bug?
--
Danil Zagoskin | z@REDACTED
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140408/3084437c/attachment.htm>
More information about the erlang-questions
mailing list