[erlang-questions] Does Erlang/OTP SSL app have heartbleed vulnerability?

Kenji Rikitake <>
Tue Apr 8 18:48:27 CEST 2014


++> Ingela Andin <> [2014-04-08 09:38:03 +0200]:
> 2014-04-08 6:37 GMT+02:00 Danil Zagoskin <>:
> > So, should anyone using SSL in OTP immediately upgrade openssl to fix this
> > bug?
> Well not for the sake of Erlang, but this is probably a good idea anyway.

On Erlang R16B03-1 and coming 17.0, OpenSSL libraries are dynamically linked.
Check the version with crypto:info_lib().

FYI
Kenji Rikitake



More information about the erlang-questions mailing list