<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Patch Package:     OTP 20.1.7
<br>
Git Tag:           OTP-20.1.7
<br>
Date:              2017-11-22
<br>
Trouble Report Id: OTP-14632, OTP-14653, OTP-14655, OTP-14748, OTP-14766
<br>
Seq num:
<br>
System:            OTP
<br>
Release:           20
<br>
Application:       public_key-1.5.1, ssl-8.2.2
<br>
Predecessor:       OTP 20.1.6
<br>
<br>
 Check out the git tag OTP-20.1.7, and build a full OTP system
<br>
 including documentation. Apply one or more applications from this
<br>
 build as patches to your installation using the 'otp_patch_apply'
<br>
 tool. For information on install requirements, see descriptions for
<br>
 each application version below.
<br>
<br>
 ---------------------------------------------------------------------
<br>
 --- public_key-1.5.1 ------------------------------------------------
<br>
 ---------------------------------------------------------------------
<br>
<br>
 The public_key-1.5.1 application can be applied independently of
<br>
 other applications on a full OTP 20 installation.
<br>
<br>
 --- Improvements and New Features ---
<br>
<br>
 OTP-14653   Application(s): public_key
<br>
<br>
              Hostname verification: Add handling of the general name
<br>
              iPAddress in certificate's subject alternative name
<br>
              extension (subjAltName).
<br>
<br>
<br>
 OTP-14766   Application(s): public_key
<br>
<br>
              Correct key handling in pkix_test_data/1 and use a
<br>
              generic example mail address instead of an existing
<br>
              one.
<br>
<br>
<br>
 Full runtime dependencies of public_key-1.5.1: asn1-3.0, crypto-3.8,
<br>
 erts-6.0, kernel-3.0, stdlib-2.0
<br>
<br>
<br>
 ---------------------------------------------------------------------
<br>
 --- ssl-8.2.2 -------------------------------------------------------
<br>
 ---------------------------------------------------------------------
<br>
<br>
 Note! The ssl-8.2.2 application can <b class="moz-txt-star"><span
class="moz-txt-tag">*</span>not<span class="moz-txt-tag">*</span></b>
be applied independently of
<br>
      other applications on an arbitrary OTP 20 installation.
<br>
<br>
      On a full OTP 20 installation, also the following runtime
<br>
      dependency has to be satisfied:
<br>
      -- public_key-1.5 (first satisfied in OTP 20.1)
<br>
<br>
<br>
 --- Fixed Bugs and Malfunctions ---
<br>
<br>
 OTP-14632   Application(s): ssl
<br>
<br>
              TLS sessions must be registered with SNI if provided,
<br>
              so that sessions where client hostname verification
<br>
              would fail can not connect reusing a session created
<br>
              when the server name verification succeeded.
<br>
<br>
              Thanks to Graham Christensen for reporting this.
<br>
<br>
<br>
 OTP-14748   Application(s): ssl
<br>
<br>
              An Erlang TLS server configured with cipher suites
<br>
              using rsa key exchange may be vulnerable to an
<br>
              Adaptive Chosen Ciphertext attack (AKA Bleichenbacher
<br>
              attack) against RSA, which, when exploited, may result
<br>
              in plaintext recovery of encrypted messages and/or a
<br>
              Man-in-the-middle (MiTM) attack, despite the attacker
<br>
              not having gained access to the server’s private key
<br>
              itself. CVE-2017-1000385
<br>
<br>
              Exploiting this vulnerability to perform plaintext
<br>
              recovery of encrypted messages will, in most practical
<br>
              cases, allow an attacker to read the plaintext only
<br>
              after the session has completed. Only TLS sessions
<br>
              established using RSA key exchange are vulnerable to
<br>
              this attack.
<br>
<br>
              Exploiting this vulnerability to conduct a MiTM attack
<br>
              requires the attacker to complete the initial attack,
<br>
              which may require thousands of server requests, during
<br>
              the handshake phase of the targeted session within the
<br>
              window of the configured handshake timeout. This attack
<br>
              may be conducted against any TLS session using RSA
<br>
              signatures, but only if cipher suites using RSA key
<br>
              exchange are also enabled on the server. The limited
<br>
              window of opportunity, limitations in bandwidth, and
<br>
              latency make this attack significantly more difficult
<br>
              to execute.
<br>
<br>
              RSA key exchange is enabled by default, although least
<br>
              prioritized if server order is honored. For such a
<br>
              cipher suite to be chosen it must also be supported by
<br>
              the client and is probably the only shared cipher suite.
<br>
<br>
              Captured TLS sessions encrypted with ephemeral cipher
<br>
              suites (DHE or ECDHE) are not at risk for subsequent
<br>
              decryption due to this vulnerability.
<br>
<br>
              As a workaround, if the default cipher suite configuration
<br>
              was used you can configure the server to not use
<br>
              vulnerable suites with the ciphers option like this:
<br>
<br>
              {ciphers, [Suite || Suite <- ssl:cipher_suites(),
<br>
              element(1,Suite) =/= rsa]}
<br>
<br>
              that is, your code will look something like this:
<br>
<br>
              ssl:listen(Port, [{ciphers, [Suite || Suite <-
<br>
              ssl:cipher_suites(), element(1,Suite) =/= rsa]} |
<br>
              Options]).
<br>
<br>
              Thanks to Hanno Böck, Juraj Somorovsky and Craig Young
<br>
              for reporting this vulnerability.
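<br>
<br>
              The workaround above as a complete module, added here as an example and not part of this release note or of OTP: it applies the same element(1, Suite) =/= rsa filter, then refuses to listen if an rsa key-exchange suite is still present, and ships an offline self-test on a constructed suite list. The module name no_rsa_kex, its function names and the sample suites are assumptions; OTP 20 cipher suites are 3- or 4-tuples whose first element is the key exchange.

```erlang
%% no_rsa_kex.erl: added example, not part of the OTP 20.1.7 release note.
%% Hardens an OTP 20 ssl server against CVE-2017-1000385 by removing every
%% cipher suite whose key exchange is plain rsa (the release note's filter)
%% and checking the result before the listen socket is opened.
-module(no_rsa_kex).
-export([filter/1, check/1, suites/0, listen/2, selftest/0]).

%% OTP 20 suites are {KeyExchange, Cipher, Mac} or {KeyExchange, Cipher,
%% Mac, Prf}; element 1 is the key exchange in both shapes.
filter(Suites) ->
    [Suite || Suite <- Suites, element(1, Suite) =/= rsa].

%% ok when no rsa key-exchange suite remains, otherwise an error listing
%% the offenders so a bad configuration cannot start silently.
check(Suites) ->
    case [Suite || Suite <- Suites, element(1, Suite) =:= rsa] of
        []        -> ok;
        Offenders -> {error, {rsa_key_exchange_enabled, Offenders}}
    end.

%% Hardened suite list for this node. dhe_rsa / ecdhe_rsa suites stay:
%% they still sign with the RSA certificate but give forward secrecy,
%% which the release note says is not at risk.
suites() ->
    filter(ssl:cipher_suites()).

%% Drop-in replacement for ssl:listen/2. Any ciphers option supplied by
%% the caller is replaced by the filtered list so rsa cannot be re-added.
listen(Port, Options) ->
    Safe = suites(),
    ok = check(Safe),
    ssl:listen(Port, [{ciphers, Safe} | lists:keydelete(ciphers, 1, Options)]).

%% Offline self-test on a constructed suite list (not a real node's list).
selftest() ->
    Sample = [{rsa, aes_128_cbc, sha},
              {dhe_rsa, aes_256_gcm, null, sha384},
              {ecdhe_rsa, aes_128_gcm, null, sha256},
              {rsa, aes_256_gcm, null, sha384},
              {ecdhe_ecdsa, aes_128_cbc, sha256}],
    {error, {rsa_key_exchange_enabled, [_, _]}} = check(Sample),
    Kept = filter(Sample),
    ok = check(Kept),
    [dhe_rsa, ecdhe_rsa, ecdhe_ecdsa] = [element(1, S) || S <- Kept],
    ok.
```

Run no_rsa_kex:selftest() in a shell to confirm the filter and check agree before deploying; no_rsa_kex:listen/2 then takes the same Port and Options you would pass to ssl:listen/2.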
<br>
<br>
<br>
 --- Improvements and New Features ---
<br>
<br>
 OTP-14655   Application(s): ssl
<br>
<br>
              If no SNI is available and the hostname is an
<br>
              IP-address also check for IP-address match. This check
<br>
              is not as good as a DNS hostname check and certificates
<br>
              using IP-address are not recommended.
<br>
<br>
              Thanks to Graham Christensen for reporting this.
<br>
<br>
<br>
 Full runtime dependencies of ssl-8.2.2: crypto-3.3, erts-7.0,
<br>
 inets-5.10.7, kernel-3.0, public_key-1.5, stdlib-3.2
<br>
<br>
<br>
 ---------------------------------------------------------------------
<br>
 ---------------------------------------------------------------------
<br>
 ---------------------------------------------------------------------
<br>
</p>
</body>
</html>