[erlang-questions] Removing SSL v3 support from the ssl module

CT Radu ct.radu.001@REDACTED
Wed Dec 3 14:03:17 CET 2014


Hi all,

Thanks for all the advice.
I've modified the header and also started the application with -ssl
protocol_version [tlsv1, 'tlsv1.1', 'tlsv1.2'] and it seems to work
ssl:versions().
[{ssl_app,"5.1.2"},
{supported,['tlsv1.2','tlsv1.1',tlsv1]},
{available,['tlsv1.2','tlsv1.1',tlsv1]}]

However, it seems that I still get an SSLv3
openssl s_client -ssl3 -connect 127.0.0.1:8936 |grep "Protocol"
Protocol  : SSLv3
Cipher    : DHE-RSA-AES256-SHA

Any ideas what I may have missed ?

Many thanks,
Tiberiu

2014-11-26 23:07 GMT+02:00 Ingela Andin <ingela.andin@REDACTED>:

> Hi!
>
> 2014-11-26 17:51 GMT+01:00 Simon MacMullen <simon@REDACTED>:
>
>> On 26/11/14 15:36, CT Radu wrote:
>>
>>> I am currently stuck with a R15 erlang release and I do want to disable
>>> sslv3 on listening connections.
>>>
>>
>> You can't. The bug OTP-10905 prevents setting SSL versions at all on
>> older versions. You need at least R16B01.
>>
>>
> No you can not do it cleanly, but you could always patch the ssl header
> file which defines the system default and then recompile as a workaround.
>
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
>
>
>> Sorry.
>>
>> Cheers, Simon
>>
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20141203/517be3df/attachment.htm>


More information about the erlang-questions mailing list