[erlang-questions] tls triple handshake vulnerabilty

Garry Hodgson garry@REDACTED
Tue Jan 20 22:19:19 CET 2015


thanks. i'll try that.

On 1/20/15 11:24 AM, Ingela Andin wrote:
> Hi!
>
> Well you could set {reuse_sessions, boolean()} to false, it could have 
> some performance penalty but  destroys the prerequisites for the attack.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
> On Thu, Jan 15, 2015 at 4:50 PM, Garry Hodgson <garry@REDACTED 
> <mailto:garry@REDACTED>> wrote:
>
>     Are the erlang ssl libraries subject to the TLS triple handshake
>     vulnerability described at https://secure-resumption.com?
>     If so, are there configuration options that can mitigate the risk?
>     I've read through the erlang ssl docs, but don't understand the
>     subject well enough to tell.
>
>
>     _______________________________________________
>     erlang-questions mailing list
>     erlang-questions@REDACTED <mailto:erlang-questions@REDACTED>
>     http://erlang.org/mailman/listinfo/erlang-questions
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150120/38fc4ed9/attachment.htm>


More information about the erlang-questions mailing list