[erlang-questions] tls triple handshake vulnerabilty
Garry Hodgson
garry@REDACTED
Tue Jan 20 22:19:19 CET 2015
thanks. i'll try that.
On 1/20/15 11:24 AM, Ingela Andin wrote:
> Hi!
>
> Well you could set {reuse_sessions, boolean()} to false, it could have
> some performance penalty but destroys the prerequisites for the attack.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
> On Thu, Jan 15, 2015 at 4:50 PM, Garry Hodgson <garry@REDACTED
> <mailto:garry@REDACTED>> wrote:
>
> Are the erlang ssl libraries subject to the TLS triple handshake
> vulnerability described at https://secure-resumption.com?
> If so, are there configuration options that can mitigate the risk?
> I've read through the erlang ssl docs, but don't understand the
> subject well enough to tell.
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED <mailto:erlang-questions@REDACTED>
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150120/38fc4ed9/attachment.htm>
More information about the erlang-questions
mailing list