[erlang-questions] Removing SSL v3 support from the ssl module

Andreas Schultz aschultz@REDACTED
Wed Oct 15 11:34:56 CEST 2014


Hi,
----- On 15 Oct, 2014, at 11:10, Kenji Rikitake kenji@REDACTED wrote:

> I'd be glad if how to remove SSL v3 support from OTP ssl module is
> provided by the OTP Team, to prevent getting trapped into the POODLE
> bug. (I think it won't be that hard, regarding what I've found from the
> ssl module source code. The keyword atom is "sslv3".)

Add {versions, ['tlsv1.2', 'tlsv1.1', tlsv1]} to your SSL options to restrict
the version choice.

Erlang R17 does implement RFC 5746 TLS_EMPTY_RENEGOTIATION_INFO_SCSV, but the
draft-ietf-tls-downgrade-scsv-00 TLS_FALLBACK_SCSV that protects from POODLE is
not supported.

Andreas
> 
> Regards,
> Kenji Rikitake

-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------- enabling your networks -------------------

Travelping GmbH               phone:         +49-391-819099229
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------
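
The version restriction described in the reply above, as an added example that is not part of the original message or of OTP: a helper that forces a {versions, ...} entry without sslv3 into an ssl option list before it reaches ssl:listen/2 or ssl:connect/3. The module name tls_versions and the functions harden/1 and self_check/0 are hypothetical; the inputs in self_check/0 are constructed.

```erlang
%% Added example. Only the {versions, ...} option and the version atoms
%% are OTP's; everything else here is hypothetical.
-module(tls_versions).
-export([harden/1, self_check/0]).

%% Version atoms accepted by the ssl module in the R17 era, minus sslv3.
-define(ALLOWED, ['tlsv1.2', 'tlsv1.1', tlsv1]).

%% harden(Opts) -> Opts whose versions entry never contains sslv3.
%%  - no versions entry: ?ALLOWED is added
%%  - versions present: sslv3 is dropped, unknown atoms raise badarg
%%  - nothing left after dropping sslv3: raise instead of silently
%%    falling back to the library defaults
harden(Opts) when is_list(Opts) ->
    Requested = proplists:get_value(versions, Opts, ?ALLOWED),
    is_list(Requested)
        orelse erlang:error({badarg, {versions, Requested}}),
    Unknown = [V || V <- Requested,
                    V =/= sslv3,
                    not lists:member(V, ?ALLOWED)],
    Unknown =:= []
        orelse erlang:error({badarg, {unknown_versions, Unknown}}),
    case [V || V <- Requested, V =/= sslv3] of
        []   -> erlang:error({badarg, only_sslv3_requested});
        Kept -> [{versions, Kept} | proplists:delete(versions, Opts)]
    end.

%% Exercises harden/1 on constructed option lists; returns ok or crashes
%% with badmatch on the first unexpected result.
self_check() ->
    %% No versions given: the TLS-only list is added.
    [{versions, ['tlsv1.2', 'tlsv1.1', tlsv1]}, {verify, verify_peer}] =
        harden([{verify, verify_peer}]),
    %% sslv3 requested alongside TLS 1.2: sslv3 is dropped.
    [{versions, ['tlsv1.2']}] = harden([{versions, ['tlsv1.2', sslv3]}]),
    %% Only sslv3 requested: refused.
    {'EXIT', {{badarg, only_sslv3_requested}, _}} =
        (catch harden([{versions, [sslv3]}])),
    %% A misspelled version atom is reported by name.
    {'EXIT', {{badarg, {unknown_versions, ['tls1.1']}}, _}} =
        (catch harden([{versions, ['tlsv1.2', 'tls1.1']}])),
    ok.
```

Call it as ssl:listen(Port, tls_versions:harden(Opts)); on OTP releases that know further version atoms, ?ALLOWED has to be extended to match.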


