<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">thanks. i'll try that.<br>
      <br>
      On 1/20/15 11:24 AM, Ingela Andin wrote:<br>
    </div>
    <blockquote
cite="mid:CADq4+MrZzaODo44i0-zZODmBRZ9vrRyq5xqq-5n9ZLzHU-sOoQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>Hi!<br>
          </div>
          <div><br>
            Well you could set <span class="">{reuse_sessions,
              boolean()} to false, it could have some performance
              penalty but  destroys the prerequisites for the attack.<br>
            </span></div>
          <span class=""></span><br>
        </div>
        Regards Ingela Erlang/OTP team - Ericsson AB<br>
        <div>
          <div>
            <div>
              <div class="gmail_extra"><br>
                <div class="gmail_quote">On Thu, Jan 15, 2015 at 4:50
                  PM, Garry Hodgson <span dir="ltr"><<a
                      moz-do-not-send="true"
                      href="mailto:garry@research.att.com"
                      target="_blank">garry@research.att.com</a>></span>
                  wrote:<br>
                  <blockquote class="gmail_quote" style="margin:0px 0px
                    0px 0.8ex;border-left:1px solid
                    rgb(204,204,204);padding-left:1ex">Are the erlang
                    ssl libraries subject to the TLS triple handshake<br>
                    vulnerability described at <a
                      moz-do-not-send="true"
                      href="https://secure-resumption.com"
                      target="_blank">https://secure-resumption.com</a>?<br>
                    If so, are there configuration options that can
                    mitigate the risk?<br>
                    I've read through the erlang ssl docs, but don't
                    understand the<br>
                    subject well enough to tell.<br>
                    <br>
                    <br>
                    _______________________________________________<br>
                    erlang-questions mailing list<br>
                    <a moz-do-not-send="true"
                      href="mailto:erlang-questions@erlang.org"
                      target="_blank">erlang-questions@erlang.org</a><br>
                    <a moz-do-not-send="true"
                      href="http://erlang.org/mailman/listinfo/erlang-questions"
                      target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
                  </blockquote>
                </div>
                <br>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>