[erlang-questions] Does Erlang/OTP SSL app have heartbleed vulnerability?

Danil Zagoskin z@REDACTED
Tue Apr 8 06:37:09 CEST 2014


Recently heartbleed bug was found in openssl: http://heartbleed.com/

As far as I know, OTP SSL and crypto apps use openssl, but some of SSL
handshake logic is rewritten in Erlang.

Grepping lib/ssl and lib/crypto sources for 'heartbeat' didn't give any
I have not found any tool to check a server for the vulnerability either.

So, should anyone using SSL in OTP immediately upgrade openssl to fix this

Danil Zagoskin | z@REDACTED
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140408/3084437c/attachment.htm>

More information about the erlang-questions mailing list