[erlang-questions] SSL/TLS MITM CCS Injection case on Erlang ssl module?
Thu Jun 5 21:33:54 CEST 2014
The SSL/TLS protocol is implemented in Erlang
, only the crypto routines (libcrypto) from OpenSSL are used.
So it seems that these CVEs are not relevant for Erlang.
/Kenneth Erlang/OTP, Ericsson
On Thu, Jun 5, 2014 at 8:49 PM, Guilherme Andrade <g@REDACTED> wrote:
> AFAIK, all the handshake logic is implemented in Erlang; quoting from
> memory based on some previous thread (probably around the time of
> heartbleed), OpenSSL is used only for the heavy arithmetic. If in fact
> true, this would discard automatically a part of those CVEs. But I'd
> rather wait for a more informed opinion on this.
> On 05-06-2014 14:15, Kenji Rikitake wrote:
> > I'd be glad if Erlang core team could give an idea about how the
> > vulnerability of CVE-2014-0224 would or would not affect Erlang ssl
> > module:
> > http://www.openssl.org/news/secadv_20140605.txt
> > Regards,
> > Kenji Rikitake
> > _______________________________________________
> > erlang-questions mailing list
> > erlang-questions@REDACTED
> > http://erlang.org/mailman/listinfo/erlang-questions
> Guilherme Andrade
> PGP fingerprint: 1968 5252 3901 B40F ED8A D67A 9330 79B1 35CB 8191
> erlang-questions mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions