[erlang-questions] Does Erlang/OTP SSL app have heartbleed vulnerability?

Paul Peregud paulperegud@REDACTED
Tue Apr 8 08:00:47 CEST 2014


Since we are at SSL, it would be almost On Topic.

Frankencert - Adversarial Testing of Certificate Validation in SSL/TLS
Implementations:
https://github.com/sumanj/frankencert/blob/master/README.md
 On Apr 8, 2014 6:37 AM, "Danil Zagoskin" <z@REDACTED> wrote:

> Hello!
>
> Recently heartbleed bug was found in openssl: http://heartbleed.com/
>
> As far as I know, OTP SSL and crypto apps use openssl, but some of SSL
> handshake logic is rewritten in Erlang.
>
> Grepping lib/ssl and lib/crypto sources for 'heartbeat' didn't give any
> results.
> I have not found any tool to check a server for the vulnerability either.
>
> So, should anyone using SSL in OTP immediately upgrade openssl to fix this
> bug?
>
>
> --
> Danil Zagoskin | z@REDACTED
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140408/58c5803d/attachment.htm>


More information about the erlang-questions mailing list