[erlang-questions] Removing SSL v3 support from the ssl module
Andreas Schultz
aschultz@REDACTED
Wed Oct 15 11:34:56 CEST 2014
Hi,
----- On 15 Oct, 2014, at 11:10, Kenji Rikitake kenji@REDACTED wrote:
> I'd be glad if how to remove SSL v3 support from OTP ssl module is
> provided by the OTP Team, to prevent getting trapped into the POODLE
> bug. (I think it won't be that hard, regarding what I've found from the
> ssl module source code. The keyword atom is "sslv3".)
Add {versions, ['tlsv1.2', 'tls1.1', 'tls1']} to your SSL options to restrict
the version choice.
Erlang R17 does im implement RFC 5746 TLS_EMPTY_RENEGOTIATION_INFO_SCSV, but the
draft-ietf-tls-downgrade-scsv-00 TLS_FALLBACK_SCSV that protects from POODLE is
not supported.
Andreas
>
> Regards,
> Kenji Rikitake
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
--
--
Dipl. Inform.
Andreas Schultz
email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073
------------------- enabling your networks -------------------
Travelping GmbH phone: +49-391-819099229
Roentgenstr. 13 fax: +49-391-819099299
D-39108 Magdeburg email: info@REDACTED
GERMANY web: http://www.travelping.com
Company Registration: Amtsgericht Stendal Reg No.: HRB 10578
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------
More information about the erlang-questions
mailing list