[erlang-questions] SSL/TLS MITM CCS Injection case on Erlang ssl module?

Guilherme Andrade g@REDACTED
Thu Jun 5 20:49:25 CEST 2014

AFAIK, all the handshake logic is implemented in Erlang; quoting from
memory based on some previous thread (probably around the time of
heartbleed), OpenSSL is used only for the heavy arithmetic. If in fact
true, this would discard automatically a part of those CVEs. But I'd
rather wait for a more informed opinion on this.


On 05-06-2014 14:15, Kenji Rikitake wrote:
> I'd be glad if Erlang core team could give an idea about how the
> vulnerability of CVE-2014-0224 would or would not affect Erlang ssl
> module:
> http://www.openssl.org/news/secadv_20140605.txt
> http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
> Regards,
> Kenji Rikitake
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions

Guilherme Andrade

PGP fingerprint: 1968 5252 3901 B40F ED8A  D67A 9330 79B1 35CB 8191

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140605/eae21658/attachment.bin>

More information about the erlang-questions mailing list