[erlang-questions] SSL/TLS MITM CCS Injection case on Erlang ssl module?
Thu Jun 5 20:49:25 CEST 2014
AFAIK, all the handshake logic is implemented in Erlang; quoting from
memory based on some previous thread (probably around the time of
heartbleed), OpenSSL is used only for the heavy arithmetic. If in fact
true, this would discard automatically a part of those CVEs. But I'd
rather wait for a more informed opinion on this.
On 05-06-2014 14:15, Kenji Rikitake wrote:
> I'd be glad if Erlang core team could give an idea about how the
> vulnerability of CVE-2014-0224 would or would not affect Erlang ssl
> Kenji Rikitake
> erlang-questions mailing list
PGP fingerprint: 1968 5252 3901 B40F ED8A D67A 9330 79B1 35CB 8191
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: OpenPGP digital signature
More information about the erlang-questions