[erlang-questions] Compiling Erlang without RC4?

Oliver Korpilla Oliver.Korpilla@REDACTED
Wed Sep 14 12:39:40 CEST 2016


Hello, Luis.

Yes, I thought about building Erlang on a more "full-featured" machine and deploying it as a statically linked binary as an alternate solution.

Since we rely on SCTP support in the kernel, however, my personal guess would be that this is a little risky but doable and will require testing if all features still work properly on target.

So, yes, this would have been our next option to pursue. :)

Thanks,
Oliver
 

Sent: Wednesday, 14 September 2016 at 10:15
From: "Luis Rascão" <luis.rascao@REDACTED>
To: "Andreas Schultz" <aschultz@REDACTED>
Cc: "Oliver Korpilla" <Oliver.Korpilla@REDACTED>, erlang-questions <erlang-questions@REDACTED>
Subject: Re: [erlang-questions] Compiling Erlang without RC4?

You could build OpenSSL yourself and statically link Erlang with it, would that work also maybe?
 
On Wed, Sep 14, 2016 at 9:08 AM, Andreas Schultz <aschultz@REDACTED> wrote:

Hi Oliver,

You could try the attached patch. This just disables the rc4 support,
for a pull request, some adjustments to the test suite might be
required as well.

I don't have an OpenSSL without RC4, so this is purely guesswork!

Andreas

----- Original Message -----
> From: "Oliver Korpilla" <Oliver.Korpilla@REDACTED>
> To: "Alexander Færøy" <ahf@REDACTED>
> Cc: "erlang-questions" <erlang-questions@REDACTED>
> Sent: Tuesday, September 13, 2016 11:03:03 PM
> Subject: Re: [erlang-questions] Compiling Erlang without RC4?

> Hello, Alexander.
>
> You misunderstand... I'm not concerned at all. The Linux distribution I have to
> work with removed the rc4.h header and without it I can not compile the Erlang
> runtime environment (and not deploy my application).
>
> I did a cursory look but it is as you say - I found no guards and there were
> plenty of references towards definitions from that header, so I was a bit out
> on a limb to ask if anyone knew a trick to compile the Erlang runtime without
> this header...
>
> Thanks,
> Oliver
> 
> 
>
> Sent: Tuesday, 13 September 2016 at 20:42
> From: "Alexander Færøy" <ahf@REDACTED>
> To: erlang-questions <erlang-questions@REDACTED>
> Subject: Re: [erlang-questions] Compiling Erlang without RC4?
> On 13 September 2016 at 17:16, Oliver Korpilla <Oliver.Korpilla@REDACTED> wrote:
>> We currently have to work with a system where somebody thought removing rc4.h
>> would solve the security issues involved with this weak algorithm...
>>
>> Is there any way to build Erlang without RC4 (but still with crypto
>> functionality)?
>
> It doesn't look like the RC4 functionality is hidden behind a guard in
> the C source code, but I don't think you should be overly worried
> about using an Erlang release that contains RC4 support.
>
> If you take a look at the ciphers that the SSL application will use by
> default, you will see that there's no RC4 ciphers included (at least
> not in my OTP-18 installation locally):
>
> lists:foreach(fun (Suite) -> io:format("~p~n", [Suite]) end,
> ssl:cipher_suites()).
>
> You could consider filtering out the 3DES ciphers that are enabled by
> default though[1] using the {ciphers, [...]} option for SSL
> connections.
>
> Cheers,
> Alex.
>
> [1]: https://sweet32.info
>
>
> --
> Alexander Færøy
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions

  
 --

PGP fingerprint: F708 E141 AE8D 2D38 E1BC  DF3D 1719 3EA0 647D 7260
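
The cipher filtering suggested in the thread (dropping RC4 and 3DES suites before passing the list to the `{ciphers, [...]}` option), written out as an added example that is not part of any poster's message or of OTP itself. The module name `cipher_filter` and the sample suite list are constructed; the 4-tuple and map clauses are assumptions covering suite representations used by other OTP releases.

```erlang
-module(cipher_filter).
-export([strong_suites/1, is_weak/1, demo/0]).

%% Bulk ciphers to reject: RC4 (the subject of this thread) and the
%% 64-bit block ciphers DES/3DES (see https://sweet32.info).
-define(WEAK_CIPHERS, [rc4_128, '3des_ede_cbc', des_cbc]).

%% Keep only suites whose bulk cipher is not on the reject list.
%% Order is preserved, so the caller's preference order survives.
strong_suites(Suites) when is_list(Suites) ->
    [S || S <- Suites, not is_weak(S)].

%% A suite is {KeyExchange, Cipher, Hash} in the form printed by
%% ssl:cipher_suites() in the thread. The 4-tuple (with PRF) and map
%% clauses are assumptions for other OTP releases.
is_weak({_Kex, Cipher, _Hash})       -> weak_cipher(Cipher);
is_weak({_Kex, Cipher, _Hash, _Prf}) -> weak_cipher(Cipher);
is_weak(#{cipher := Cipher})         -> weak_cipher(Cipher);
is_weak(_Unrecognised)               -> true.  % fail closed: drop it

weak_cipher(Cipher) -> lists:member(Cipher, ?WEAK_CIPHERS).

%% Constructed sample input, not output captured from a real node.
demo() ->
    Sample = [{ecdhe_rsa, aes_256_cbc, sha384},
              {ecdhe_rsa, '3des_ede_cbc', sha},
              {dhe_rsa, aes_128_cbc, sha256},
              {rsa, rc4_128, sha},
              {rsa, '3des_ede_cbc', sha}],
    Kept = strong_suites(Sample),
    %% Fail loudly rather than continue with nothing usable.
    Kept =/= [] orelse error(no_acceptable_cipher_suites),
    Kept.

%% On a node, pass the filtered list through the option named in the
%% thread, for example:
%%   Suites = cipher_filter:strong_suites(ssl:cipher_suites()),
%%   ssl:connect(Host, 443, [{ciphers, Suites}]).
```

With the constructed sample, `cipher_filter:demo()` keeps only the two AES suites, in their original order.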


