[erlang-questions] Patch Package: OTP

Ingela Anderton Andin Ingela.Anderton.Andin@REDACTED
Thu Nov 23 16:26:55 CET 2017

Patch Package:    OTP
Git Tag:                OTP-
Date:                    2017-11-23
Trouble Report Id:  OTP-14748
Seq num:
System:                  OTP
Release:                 19
Application:            ssl-
Predecessor:          OTP

  Check out the git tag OTP-, and build a full OTP system
  including documentation. Apply one or more applications from this
  build as patches to your installation using the 'otp_patch_apply'
  tool. For information on install requirements, see descriptions for
  each application version below.

  --- ssl- -----------------------------------------------------

  Note! The ssl- application can *not* be applied independently
        of other applications on an arbitrary OTP 19 installation.

        On a full OTP 19 installation, also the following runtime
        dependency has to be satisfied:
        -- stdlib-3.2 (first satisfied in OTP 19.2)

  --- Fixed Bugs and Malfunctions ---

   OTP-14748    Application(s): ssl

                An erlang TLS server configured with cipher suites
                using rsa key exchange, may be vulnerable to an
                Adaptive Chosen Ciphertext attack (AKA Bleichenbacher
                attack) against RSA, which when exploited, may result
                in plaintext recovery of encrypted messages and/or a
                Man-in-the-middle (MiTM) attack, despite the attacker
                not having gained access to the server’s private key
                itself. CVE-2017-1000385

                Exploiting this vulnerability to perform plaintext
                recovery of encrypted messages will, in most practical
                cases, allow an attacker to read the plaintext only
                after the session has completed. Only TLS sessions
                established using RSA key exchange are vulnerable to
                this attack.

                Exploiting this vulnerability to conduct a MiTM attack
                requires the attacker to complete the initial attack,
                which may require thousands of server requests, during
                the handshake phase of the targeted session within the
                window of the configured handshake timeout. This attack
                may be conducted against any TLS session using RSA
                signatures, but only if cipher suites using RSA key
                exchange are also enabled on the server. The limited
                window of opportunity, limitations in bandwidth, and
                latency make this attack significantly more difficult
                to execute.

                RSA key exchange is enabled by default although least
                prioritized if server order is honored. For such a
                cipher suite to be chosen it must also be supported by
                the client and probably the only shared cipher suite.

                Captured TLS sessions encrypted with ephemeral cipher
                suites (DHE or ECDHE) are not at risk for subsequent
                decryption due to this vulnerability.

                As a workaround if default cipher suite configuration
                was used you can configure the server to not use
                vulnerable suites with the ciphers option like this:

                {ciphers, [Suite || Suite <- ssl:cipher_suites(),
                element(1,Suite) =/= rsa]}

                that is your code will look somethingh like this:

                ssl:listen(Port, [{ciphers, [Suite || Suite <-
                ssl:cipher_suites(), element(1,S) =/= rsa]} |

                Thanks to Hanno Böck, Juraj Somorovsky and Craig Young
                for reporting this vulnerability.

  Full runtime dependencies of ssl- crypto-3.3, erts-7.0,
  inets-5.10.7, kernel-3.0, public_key-1.2, stdlib-3.2


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20171123/7a1829d1/attachment.htm>

More information about the erlang-questions mailing list