[erlang-questions] SSL/TLS MITM CCS Injection case on Erlang ssl module?
Guilherme Andrade
g@REDACTED
Thu Jun 5 20:49:25 CEST 2014
AFAIK, all the handshake logic is implemented in Erlang; quoting from
memory based on some previous thread (probably around the time of
heartbleed), OpenSSL is used only for the heavy arithmetic. If in fact
true, this would discard automatically a part of those CVEs. But I'd
rather wait for a more informed opinion on this.
Cheers,
On 05-06-2014 14:15, Kenji Rikitake wrote:
> I'd be glad if Erlang core team could give an idea about how the
> vulnerability of CVE-2014-0224 would or would not affect Erlang ssl
> module:
>
> http://www.openssl.org/news/secadv_20140605.txt
> http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
>
> Regards,
> Kenji Rikitake
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
--
Guilherme Andrade
PGP fingerprint: 1968 5252 3901 B40F ED8A D67A 9330 79B1 35CB 8191
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140605/eae21658/attachment.bin>
More information about the erlang-questions
mailing list