<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Patch Package: OTP 19.3.6.4
<br>
Git Tag: OTP-19.3.6.4
<br>
Date: 2017-11-23
<br>
Trouble Report Id: OTP-14748
<br>
Seq num:
<br>
System: OTP
<br>
Release: 19
<br>
Application: ssl-8.1.3.1
<br>
Predecessor: OTP 19.3.6.3
<br>
<br>
Check out the git tag OTP-19.3.6.4, and build a full OTP system
<br>
including documentation. Apply one or more applications from this
<br>
build as patches to your installation using the 'otp_patch_apply'
<br>
tool. For information on install requirements, see descriptions
for
<br>
each application version below.
<br>
<br>
---------------------------------------------------------------------
<br>
--- ssl-8.1.3.1
-----------------------------------------------------
<br>
---------------------------------------------------------------------
<br>
<br>
Note! The ssl-8.1.3.1 application can <b class="moz-txt-star"><span
class="moz-txt-tag">*</span>not<span class="moz-txt-tag">*</span></b>
be applied independently
<br>
of other applications on an arbitrary OTP 19 installation.
<br>
<br>
On a full OTP 19 installation, also the following runtime
<br>
dependency has to be satisfied:
<br>
-- stdlib-3.2 (first satisfied in OTP 19.2)
<br>
<br>
<br>
--- Fixed Bugs and Malfunctions ---
<br>
<br>
OTP-14748 Application(s): ssl
<br>
<br>
An Erlang TLS server configured with cipher suites
<br>
using RSA key exchange may be vulnerable to an
<br>
Adaptive Chosen Ciphertext attack (AKA Bleichenbacher
<br>
attack) against RSA, which when exploited may result
<br>
in plaintext recovery of encrypted messages and/or a
<br>
Man-in-the-middle (MiTM) attack, despite the attacker
<br>
not having gained access to the server’s private key
<br>
itself. CVE-2017-1000385
<br>
<br>
Exploiting this vulnerability to perform plaintext
<br>
recovery of encrypted messages will, in most
practical
<br>
cases, allow an attacker to read the plaintext only
<br>
after the session has completed. Only TLS sessions
<br>
established using RSA key exchange are vulnerable
to
<br>
this attack.
<br>
<br>
Exploiting this vulnerability to conduct a MiTM
attack
<br>
requires the attacker to complete the initial
attack,
<br>
which may require thousands of server requests,
during
<br>
the handshake phase of the targeted session within
the
<br>
window of the configured handshake timeout. This
attack
<br>
may be conducted against any TLS session using RSA
<br>
signatures, but only if cipher suites using RSA key
<br>
exchange are also enabled on the server. The
limited
<br>
window of opportunity, limitations in bandwidth,
and
<br>
latency make this attack significantly more
difficult
<br>
to execute.
<br>
<br>
RSA key exchange is enabled by default, although it is
<br>
least prioritized if server order is honored. For such a
<br>
cipher suite to be chosen it must also be supported by
<br>
the client, and in practice it will be chosen only when
<br>
it is the only cipher suite the two sides share.
<br>
<br>
Captured TLS sessions encrypted with ephemeral
cipher
<br>
suites (DHE or ECDHE) are not at risk for
subsequent
<br>
decryption due to this vulnerability.
<br>
<br>
As a workaround if default cipher suite
configuration
<br>
was used you can configure the server to not use
<br>
vulnerable suites with the ciphers option like
this:
<br>
<br>
{ciphers, [Suite || Suite <-
ssl:cipher_suites(),
<br>
element(1,Suite) =/= rsa]}
<br>
<br>
that is, your code will look something like this:
<br>
<br>
ssl:listen(Port, [{ciphers, [Suite || Suite <-
<br>
ssl:cipher_suites(), element(1,Suite) =/= rsa]} |
<br>
Options]).
<br>
<br>
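The following module is an added example and is not part of this patch or of OTP itself. It packages the workaround above as a reusable filter, applies it to ssl:listen/2 together with {honor_cipher_order, true} so the server's own preference order decides, and adds a probe that offers a target server only RSA key exchange suites to confirm they are refused. It assumes OTP 19's tuple form of ssl:cipher_suites/0, where element 1 of each suite is the key exchange atom; the module and function names are chosen here, not taken from OTP.
<br>
<br>
```erlang
%% ssl_no_rsa_kx.erl - added example, not code from the OTP patch.
-module(ssl_no_rsa_kx).
-export([server_ciphers/0, listen/2, probe/2]).

%% Default suite list with every suite using plain RSA key exchange removed.
%% In OTP 19 each suite is {KeyExchange, Cipher, Hash} or
%% {KeyExchange, Cipher, Hash, Prf}, so element 1 is the key exchange atom
%% (rsa, dhe_rsa, ecdhe_rsa, ecdhe_ecdsa, ...). Only 'rsa' uses the
%% RSA-encrypted premaster secret that the Bleichenbacher attack targets.
server_ciphers() ->
    [Suite || Suite <- ssl:cipher_suites(), element(1, Suite) =/= rsa].

%% Listen with the filtered list and let the server's order win over the
%% client's, so an ephemeral (DHE/ECDHE) suite is chosen whenever the
%% client offers one. Caller-supplied Options are appended unchanged.
listen(Port, Options) ->
    ssl:listen(Port, [{ciphers, server_ciphers()},
                      {honor_cipher_order, true} | Options]).

%% Probe a running server by offering only RSA key exchange suites.
%% A server configured as above must refuse the handshake with a TLS
%% alert. Any other error (refused connection, timeout) is reported as
%% inconclusive rather than as a pass.
probe(Host, Port) ->
    RsaOnly = [S || S <- ssl:cipher_suites(), element(1, S) =:= rsa],
    case ssl:connect(Host, Port, [{ciphers, RsaOnly}], 5000) of
        {ok, Sock} ->
            ssl:close(Sock),
            rsa_key_exchange_accepted;
        {error, {tls_alert, _} = Alert} ->
            {rsa_key_exchange_refused, Alert};
        {error, Other} ->
            {inconclusive, Other}
    end.
```
<br>
Usage: after ssl:start() in an Erlang shell, ssl_no_rsa_kx:probe("localhost", 8443) should return {rsa_key_exchange_refused, _} against a server started with ssl_no_rsa_kx:listen/2, and rsa_key_exchange_accepted against one still using the default suite list with a client that has no other suite in common. The probe only tells you what the server negotiates with this client's suite list; it does not attempt the attack itself.
<br>
<br>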
Thanks to Hanno Böck, Juraj Somorovsky and Craig
Young
<br>
for reporting this vulnerability.
<br>
<br>
<br>
Full runtime dependencies of ssl-8.1.3.1: crypto-3.3, erts-7.0,
<br>
inets-5.10.7, kernel-3.0, public_key-1.2, stdlib-3.2
<br>
<br>
<br>
---------------------------------------------------------------------
<br>
---------------------------------------------------------------------
<br>
---------------------------------------------------------------------
<br>
<br>
</p>
</body>
</html>