[erlang-questions] SSL/TLS MITM CCS Injection case on Erlang ssl module?
Kenneth Lundin
kenneth.lundin@REDACTED
Thu Jun 5 21:33:54 CEST 2014
The SSL/TLS protocol is implemented in Erlang
, only the crypto routines (libcrypto) from OpenSSL are used.
So it seems that these CVEs are not relevant for Erlang.
/Kenneth Erlang/OTP, Ericsson
On Thu, Jun 5, 2014 at 8:49 PM, Guilherme Andrade <g@REDACTED> wrote:
> AFAIK, all the handshake logic is implemented in Erlang; quoting from
> memory based on some previous thread (probably around the time of
> heartbleed), OpenSSL is used only for the heavy arithmetic. If in fact
> true, this would discard automatically a part of those CVEs. But I'd
> rather wait for a more informed opinion on this.
>
> Cheers,
>
>
> On 05-06-2014 14:15, Kenji Rikitake wrote:
> > I'd be glad if Erlang core team could give an idea about how the
> > vulnerability of CVE-2014-0224 would or would not affect Erlang ssl
> > module:
> >
> > http://www.openssl.org/news/secadv_20140605.txt
> >
> http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
> >
> > Regards,
> > Kenji Rikitake
> >
> >
> > _______________________________________________
> > erlang-questions mailing list
> > erlang-questions@REDACTED
> > http://erlang.org/mailman/listinfo/erlang-questions
>
> --
> Guilherme Andrade
>
> PGP fingerprint: 1968 5252 3901 B40F ED8A D67A 9330 79B1 35CB 8191
>
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140605/d5d18b66/attachment.htm>
More information about the erlang-questions
mailing list