[erlang-questions] Compiling Erlang without RC4?

Oliver Korpilla <>
Wed Sep 14 23:18:15 CEST 2016


Hello, Andreas.

It is appreciated. :)

Thanks,
Oliver
 

Sent: Wednesday, 14 September 2016 at 15:12
From: "Andreas Schultz" <>
To: "Oliver Korpilla" <>
Cc: erlang-questions <>
Subject: Re: [erlang-questions] Compiling Erlang without RC4?

Hi Oliver,

Test suite was simple enough, so I made the RC4 fix into a real pull request:

https://github.com/erlang/otp/pull/1169

Andreas

----- Original Message -----
> From: "Oliver Korpilla" <>
> To: "Luis Rascão" <>
> Cc: "erlang-questions" <>
> Sent: Wednesday, September 14, 2016 12:39:40 PM
> Subject: Re: [erlang-questions] Compiling Erlang without RC4?

> Hello, Luis.
>
> Yes, I thought about building Erlang on a more "full-featured" machine and
> deploying it as a statically linked binary as alternate solution.
>
> Since we rely on SCTP support in the kernel, however, my personal guess would be
> that this is a little risky but doable and will require testing if all features
> still work properly on target.
>
> So, yes, this would have been our next option to pursue. :)
>
> Thanks,
> Oliver
> 
>
> Sent: Wednesday, 14 September 2016 at 10:15
> From: "Luis Rascão" <>
> To: "Andreas Schultz" <>
> Cc: "Oliver Korpilla" <>, erlang-questions
> <>
> Subject: Re: [erlang-questions] Compiling Erlang without RC4?
>
> You could build OpenSSL yourself and statically link Erlang with it, would
> that work also maybe?
> 
> On Wed, Sep 14, 2016 at 9:08 AM, Andreas Schultz <> wrote:
> Hi Oliver,
>
> You could try the attached patch. This just disables the rc4 support,
> for a pull request, some adjustments to the test suite might be
> required as well.
>
> I don't have an OpenSSL without RC4, so this is purely guesswork!
>
> Andreas
>
> ----- Original Message -----
>> From: "Oliver Korpilla" <[]>
>> To: "Alexander Færøy" <[]>
>> Cc: "erlang-questions"
>> <[]>
>> Sent: Tuesday, September 13, 2016 11:03:03 PM
>> Subject: Re: [erlang-questions] Compiling Erlang without RC4?
>
>> Hello, Alexander.
>>
>> You misunderstand... I'm not concerned at all. The Linux distribution I have to
>> work with removed the rc4.h header and without it I can not compile the Erlang
>> runtime environment (and not deploy my application).
>>
>> I did a cursory look but it is as you say - I found no guards and there were
>> plenty of references towards definitions from that header, so I was a bit out
>> on a limb to ask if anyone knew a trick to compile the Erlang runtime without
>> this header...
>>
>> Thanks,
>> Oliver
>> 
>> 
>>
>> Sent: Tuesday, 13 September 2016 at 20:42
>> From: "Alexander Færøy" <[]>
>> To: erlang-questions <[]>
>> Subject: Re: [erlang-questions] Compiling Erlang without RC4?
>> On 13 September 2016 at 17:16, Oliver Korpilla
>> <[]> wrote:
>>> We currently have to work with a system where somebody thought removing rc4.h
>>> would solve the security issues involved with this weak algorithm...
>>>
>>> Is there any way to build Erlang without RC4 (but still with crypto
>>> functionality)?
>>
>> It doesn't look like the RC4 functionality is hidden behind a guard in
>> the C source code, but I don't think you should be overly worried
>> about using an Erlang release that contains RC4 support.
>>
>> If you take a look at the ciphers that the SSL application will use by
>> default, you will see that there are no RC4 ciphers included (at least
>> not in my OTP-18 installation locally):
>>
>> lists:foreach(fun (Suite) -> io:format("~p~n", [Suite]) end,
>> ssl:cipher_suites()).
>>
>> You could consider filtering out the 3DES ciphers that are enabled by
>> default though[1] using the {ciphers, [...]} option for SSL
>> connections.
>>
>> Cheers,
>> Alex.
>>
>> [1]: https://sweet32.info
>>
>>
>> --
>> Alexander Færøy
>> _______________________________________________
>> erlang-questions mailing list
>> []
>> http://erlang.org/mailman/listinfo/erlang-questions
>
>  
> --
>
> PGP fingerprint: F708 E141 AE8D 2D38 E1BC  DF3D 1719 3EA0 647D 7260
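
Added example, not part of the thread and not OTP project code: one way to apply the suggestion quoted above of inspecting `ssl:cipher_suites()` and passing a filtered list through the `{ciphers, [...]}` option. The module name `cipher_policy`, its functions and the sample suite list are assumptions made for illustration; the filter accepts the tuple form printed on OTP 18 as well as the 4-tuple and map forms used by later releases.

```erlang
-module(cipher_policy).
-export([strong/1, demo/0]).

%% Bulk ciphers to reject: RC4 (the subject of the thread) and the
%% 64-bit-block ciphers affected by Sweet32 (3DES, single DES).
-define(WEAK, [rc4_128, '3des_ede_cbc', des_cbc]).

%% Extract the bulk-cipher atom from any shape a suite can take:
%% {KeyExchange, Cipher, Hash}, the 4-tuple with a PRF, or a map.
cipher({_Kex, Cipher, _Hash}) -> Cipher;
cipher({_Kex, Cipher, _Hash, _Prf}) -> Cipher;
cipher(#{cipher := Cipher}) -> Cipher.

%% Keep only the suites whose bulk cipher is not on the weak list.
%% Order is preserved, so the caller's preference order survives.
strong(Suites) ->
    [S || S <- Suites, not lists:member(cipher(S), ?WEAK)].

%% Constructed sample input (not captured from a real node).
demo() ->
    Sample = [{ecdhe_rsa, aes_256_gcm, null, sha384},
              {ecdhe_rsa, aes_128_cbc, sha256},
              {rsa, '3des_ede_cbc', sha},
              {rsa, rc4_128, sha},
              #{key_exchange => dhe_rsa, cipher => des_cbc,
                mac => sha, prf => default_prf}],
    Kept = strong(Sample),
    %% Only the two AES suites remain.
    [{ecdhe_rsa, aes_256_gcm, null, sha384},
     {ecdhe_rsa, aes_128_cbc, sha256}] = Kept,
    Kept.
```

On a node, the filtered list would be passed as `{ciphers, cipher_policy:strong(ssl:cipher_suites())}` in the options for an SSL connection or listener.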