[erlang-questions] SSLv2 oldest version of erlang to support it?

Ingela Andin ingela.andin@REDACTED
Sun Mar 11 09:23:09 CET 2018


Hi!

2018-03-10 12:21 GMT+01:00 Stanislaw Klekot <erlang.org@REDACTED>:

> On Sat, Mar 10, 2018 at 04:57:17AM +0000, Vans S wrote:
> > Does anyone know which version of Erlang still supports SSLv2, we need
> to interop with some very legacy software inside a very secure network.
> >
> > To my surprise SSLv2 is totally dropped from R20.2, its not even behind
> any special flags?
>
>
?

SSLv2 has never been supported by the Erlang implementation of SSL/TLS. In
R13 when OpenSSL was used v2 could of course be supported
if OpenSSL supported it.

There is still a special flag to interop with clients that offer SSLv2 but
can use higher versions.


*{v2_hello_compatible, boolean()}*If true, the server accepts clients that
send hello messages on SSL-2.0 format but offers supported SSL/TLS
versions. Defaults to false, that is the server will not interoperate with
clients that offers SSL-2.0.


However even SSLv3 is an outdated protocol considered insecure, and SSLv2
was obsoleted many years ago. We are considering dropping this last interop
switch with SSLv2 enabled clients in OTP 21. There acctualy has been cases
when valid hello messages of SSL/TLS are confused with SSLv2 hello messages.

Regards Ingela Erlang/OTP Team - Ericsson AB





> > Which version of OTP would support SSLv2?
>
> R15 already has it unsupported, according to the manual. After
> erldocs.com, you'd need to go as far as R13.
>
> Why won't you wrap the connection with stunnel? You wouldn't need to
> maintain a compilation of a really old Erlang version.
>
> --
> Stanislaw Klekot
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180311/ff711cea/attachment.htm>


More information about the erlang-questions mailing list