[erlang-questions] Removing SSL v3 support from the ssl module
Vincent de Phily
vincent.dephily@REDACTED
Wed Oct 22 17:29:10 CEST 2014
On Wednesday 15 October 2014 19:41:23 Steve Vinoski wrote:
> On Wed, Oct 15, 2014 at 5:34 AM, Andreas Schultz <aschultz@REDACTED> wrote:
> > Hi,
> >
> > ----- On 15 Oct, 2014, at 11:10, Kenji Rikitake kenji@REDACTED wrote:
> > > I'd be glad if how to remove SSL v3 support from OTP ssl module is
> > > provided by the OTP Team, to prevent getting trapped into the POODLE
> > > bug. (I think it won't be that hard, regarding what I've found from the
> > > ssl module source code. The keyword atom is "sslv3".)
> >
> > Add {versions, ['tlsv1.2', 'tls1.1', 'tls1']} to your SSL options to
> > restrict
> > the version choice.
>
> Slight correction: {versions, ['tlsv1.2', 'tlsv1.1', 'tlsv1']}
I suggest going with
proplists:get_value(available,ssl:versions()) -- [sslv3]
to future-proof your code a bit. I'm not sure what the difference between
'supported' and 'available' is (a clarification in the docs would be nice);
neither of them seems to be affected by the command-line argument to restrict
versions.
--
Vincent de Phily
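
An added example, not part of the original thread: a small Erlang helper that applies the list subtraction suggested above and places the result in the options handed to ssl:listen/2 or ssl:connect/3. The module name tls_versions and its function names are hypothetical; it goes slightly beyond the one-liner by refusing to continue when no version is left and by overriding any versions option the caller already supplied.

```erlang
-module(tls_versions).
-export([allowed_versions/0, allowed_versions/1, with_versions/1]).

%% Protocol versions this node must never negotiate (sslv3 because of POODLE).
-define(DENY, [sslv3]).

%% Versions the local ssl application reports as available, minus the deny list.
allowed_versions() ->
    allowed_versions(proplists:get_value(available, ssl:versions(), [])).

%% Same filter on an explicit list, so it can be exercised with constructed input,
%% e.g. allowed_versions(['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]).
allowed_versions(Available) ->
    case Available -- ?DENY of
        [] ->
            %% Fail loudly rather than pass an empty versions list to ssl.
            erlang:error({no_tls_version_left, Available});
        Versions ->
            Versions
    end.

%% Drop any {versions, _} already in Opts so a caller cannot reintroduce sslv3,
%% then prepend the filtered list.
with_versions(Opts) ->
    [{versions, allowed_versions()} | proplists:delete(versions, Opts)].
```

Typical use is ssl:listen(Port, tls_versions:with_versions(Opts)) on the server side and ssl:connect(Host, Port, tls_versions:with_versions(Opts)) on the client side.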