[erlang-questions] Securing link between nodes

Per Hedeland per@REDACTED
Sat Sep 9 21:25:00 CEST 2006


Jordan Wilberding <wilbjor@REDACTED> wrote:
>
>Chandru wrote:
>> On 08/09/06, Jordan Wilberding <wilbjor@REDACTED> wrote:
>> 
>>     Hello,
>> 
>>     I know this question has been asked before, but I have a few more
>>     questions about it.
>> 
>>     I am wanting to encrypt all communications between each node
>>     transparently (that is to say, without the Erlang code knowing anything
>>     about it). It appears the best you can do now is use SSL for
>>     authentication, but it still doesn't encrypt the actual messages.
>> 
>> 
>> I have never tried it, but if you configured Erlang distribution over
>> SSL, all communication between the nodes should be encrypted. Not just
>> authentication.
>> 
>> See
>> http://www.erlang.org/doc/doc-5.5/lib/ssl-3.0.12/doc/html/ssl_distribution.html#5
>> 
>> Chandru
>
>Actually I did this method and it doesn't encrypt all information, as I
>am able to pick up the text of messages with tcpdump.

Well, you probably did something wrong (or the SSL stuff is broken - I
haven't tried it either) - SSL certainly offers transport encryption.
While it's possible to have it use a NULL cipher for the transport,
you'd really have to go out of your way to make that happen (e.g. I
don't believe this possibility is enabled in a default OpenSSL build).

Using SSL just for authentication in the context of distributed Erlang
would be pretty pointless, as the default authentication mechanism is
quite good (given a "good" cookie and safeguarding it as you would
e.g. an SSL private key) - the cookie is never sent on the wire.

--Per Hedeland
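
An added example, not part of the original thread or of Erlang/OTP: a Python check for the two conditions discussed above, whether the first bytes on the distribution port are a TLS handshake rather than the plaintext distribution handshake, and whether the ServerHello selected a NULL cipher suite. The function names and byte samples are constructed for illustration, and pulling the TCP payload out of a tcpdump capture is assumed to happen separately.

```python
import struct

# Cipher suites that authenticate but do not encrypt (IANA TLS registry values).
NULL_SUITES = {0x0000: "TLS_NULL_WITH_NULL_NULL", 0x0001: "TLS_RSA_WITH_NULL_MD5",
               0x0002: "TLS_RSA_WITH_NULL_SHA", 0x003B: "TLS_RSA_WITH_NULL_SHA256"}

def classify_stream(first_bytes: bytes) -> str:
    """Classify the first bytes the connecting node sends on the distribution port."""
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"  # TLS handshake record: content type 22, major version 3
    # Plain distribution handshake: 2-byte length, then the send_name tag 'n' or 'N'.
    if len(first_bytes) >= 3 and first_bytes[2:3] in (b"n", b"N"):
        return "plaintext-erlang-dist"
    return "unknown"

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite selected by a TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("short record")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    hs = record[5:5 + rlen]
    if ctype != 0x16 or len(hs) < 39 or hs[0] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    off = 39 + hs[38]  # skip type(1) + length(3) + version(2) + random(32) + session id
    if len(hs) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", hs[off:off + 2])[0]

def link_is_encrypted(client_first: bytes, server_hello: bytes) -> bool:
    """True only if the stream is TLS and the negotiated suite is not a NULL cipher."""
    if classify_stream(client_first) != "tls":
        return False
    return server_hello_suite(server_hello) not in NULL_SUITES

def build_server_hello(suite: int) -> bytes:
    """Constructed sample: minimal ServerHello (empty session id, no extensions)."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed samples, not captured traffic.
_name = b"n" + b"\x00\x05" + bytes(4) + b"a@host1"
PLAIN_SEND_NAME = struct.pack("!H", len(_name)) + _name
TLS_CLIENT_FIRST = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"

if __name__ == "__main__":
    for suite in (0x002F, 0x0002):  # TLS_RSA_WITH_AES_128_CBC_SHA vs. TLS_RSA_WITH_NULL_SHA
        print(hex(suite), link_is_encrypted(TLS_CLIENT_FIRST, build_server_hello(suite)))
    print(classify_stream(PLAIN_SEND_NAME))
```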


