<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">thanks. i'll try that.<br>
<br>
On 1/20/15 11:24 AM, Ingela Andin wrote:<br>
</div>
<blockquote
cite="mid:CADq4+MrZzaODo44i0-zZODmBRZ9vrRyq5xqq-5n9ZLzHU-sOoQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>Hi!<br>
</div>
<div><br>
Well you could set <span class="">{reuse_sessions,
boolean()} to false, it could have some performance
penalty but destroys the prerequisites for the attack.<br>
</span></div>
<span class=""></span><br>
</div>
Regards Ingela Erlang/OTP team - Ericsson AB<br>
<div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jan 15, 2015 at 4:50
PM, Garry Hodgson <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:garry@research.att.com"
target="_blank">garry@research.att.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Are the erlang
ssl libraries subject to the TLS triple handshake<br>
vulnerability described at <a
moz-do-not-send="true"
href="https://secure-resumption.com"
target="_blank">https://secure-resumption.com</a>?<br>
If so, are there configuration options that can
mitigate the risk?<br>
I've read through the erlang ssl docs, but don't
understand the<br>
subject well enough to tell.<br>
<br>
<br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a moz-do-not-send="true"
href="mailto:erlang-questions@erlang.org"
target="_blank">erlang-questions@erlang.org</a><br>
<a moz-do-not-send="true"
href="http://erlang.org/mailman/listinfo/erlang-questions"
target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>