<div dir="ltr">Hi!<br><div class="gmail_extra"><br><div class="gmail_quote">2014-04-08 6:37 GMT+02:00 Danil Zagoskin <span dir="ltr"><<a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hello!<div><br></div><div>Recently heartbleed bug was found in openssl: <a href="http://heartbleed.com/" target="_blank">http://heartbleed.com/</a></div><div> <br></div></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div></div><div>As far as I know, OTP SSL and crypto apps use openssl, but some of SSL handshake logic is rewritten in Erlang.</div></div></blockquote><div><br></div><div><br></div><div>All of the SSL/TLS handshake logic is written in Erlang. Only OpenSSLs crypto library is used directly via the crypto application or indirectly</div>
<div>via the public_key application. The crypto library is used to perform encryption/decryption/verification - operations (number crunching).</div><div>So this OpenSSL bug will not effect Erlangs SSL/TLS-application. But if an OpenSSL client/server communicates with a </div>
<div>Erlang client/server you can of course still have a problem.</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">
<div><br></div><div>Grepping lib/ssl and lib/crypto sources for 'heartbeat' didn't give any results.</div><div>I have not found any tool to check a server for the vulnerability either.</div><div><br></div><div>
So, should anyone using SSL in OTP immediately upgrade openssl to fix this bug?<span class="HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div></font></span></div></div></blockquote><div><br></div><div>Well not for the sake of Erlang, but this is probably a good idea anyway. </div>
<div><br></div><div><br></div><div>Regards Ingela Erlang/OTP team - Ericsson AB</div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><span class="HOEnZb"><font color="#888888"><div></div>-- <br><div dir="ltr"><div><font face="'courier new', monospace">Danil Zagoskin | <a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a></font></div>
</div></font></span></div></div>
<br>_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
<br></blockquote></div><br></div></div>