[erlang-questions] Compiling Erlang without RC4?
Andreas Schultz
aschultz@REDACTED
Wed Sep 14 15:12:53 CEST 2016
Hi Oliver,
Test suite was simple enough, so I made the RC4 fix into a real pull request:
https://github.com/erlang/otp/pull/1169
Andreas
----- Original Message -----
> From: "Oliver Korpilla" <Oliver.Korpilla@REDACTED>
> To: "Luis Rascão" <luis.rascao@REDACTED>
> Cc: "erlang-questions" <erlang-questions@REDACTED>
> Sent: Wednesday, September 14, 2016 12:39:40 PM
> Subject: Re: [erlang-questions] Compiling Erlang without RC4?
> Hello, Luis.
>
> Yes, I thought about building Erlang on a more "full-featured" machine and
> deploying it as a statically linked binary as alternate solution.
>
> Since we rely on SCTP support in the kernel, however, my personal guess would be
> that this is a little risky but doable and will require testing if all features
> still work properly on target.
>
> So, yes, this would have been our next option to pursue. :)
>
> Thanks,
> Oliver
>
>
> Sent: Wednesday, 14 September 2016, 10:15
> From: "Luis Rascão" <luis.rascao@REDACTED>
> To: "Andreas Schultz" <aschultz@REDACTED>
> Cc: "Oliver Korpilla" <Oliver.Korpilla@REDACTED>, erlang-questions
> <erlang-questions@REDACTED>
> Subject: Re: [erlang-questions] Compiling Erlang without RC4?
>
> You could build OpenSSL yourself and statically link Erlang with it, would
> that work also maybe?
>
> On Wed, Sep 14, 2016 at 9:08 AM, Andreas Schultz <aschultz@REDACTED> wrote:
> Hi Oliver,
>
> You could try the attached patch. This just disables the rc4 support,
> for a pull request, some adjustments to the test suite might be
> required as well.
>
> I don't have an OpenSSL without RC4, so this is purely guesswork!
>
> Andreas
>
> ----- Original Message -----
>> From: "Oliver Korpilla" <Oliver.Korpilla@REDACTED>
>> To: "Alexander Færøy" <ahf@REDACTED>
>> Cc: "erlang-questions" <erlang-questions@REDACTED>
>> Sent: Tuesday, September 13, 2016 11:03:03 PM
>> Subject: Re: [erlang-questions] Compiling Erlang without RC4?
>
>> Hello, Alexander.
>>
>> You misunderstand... I'm not concerned at all. The Linux distribution I have to
>> work with removed the rc4.h header and without it I can not compile the Erlang
>> runtime environment (and not deploy my application).
>>
>> I did a cursory look but it is as you say - I found no guards and there were
>> plenty of references towards definitions from that header, so I was a bit out
>> on a limb to ask if anyone knew a trick to compile the Erlang runtime without
>> this header...
>>
>> Thanks,
>> Oliver
>>
>>
>>
>> Sent: Tuesday, 13 September 2016, 20:42
>> From: "Alexander Færøy" <ahf@REDACTED>
>> To: erlang-questions <erlang-questions@REDACTED>
>> Subject: Re: [erlang-questions] Compiling Erlang without RC4?
>> On 13 September 2016 at 17:16, Oliver Korpilla
>> <Oliver.Korpilla@REDACTED> wrote:
>>> We currently have to work with a system where somebody thought removing rc4.h
>>> would solve the security issues involved with this weak algorithm...
>>>
>>> Is there any way to build Erlang without RC4 (but still with crypto
>>> functionality)?
>>
>> It doesn't look like the RC4 functionality is hidden behind a guard in
>> the C source code, but I don't think you should be overly worried
>> about using an Erlang release that contains RC4 support.
>>
>> If you take a look at the ciphers that the SSL application will use by
>> default, you will see that there's no RC4 ciphers included (at least
>> not in my OTP-18 installation locally):
>>
>> lists:foreach(fun (Suite) -> io:format("~p~n", [Suite]) end,
>> ssl:cipher_suites()).
>>
>> You could consider filtering out the 3DES ciphers that are enabled by
>> default though[1] using the {ciphers, [...]} option for SSL
>> connections.
>>
>> Cheers,
>> Alex.
>>
>> [1]: https://sweet32.info
>>
>>
>> --
>> Alexander Færøy
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>
> --
>
> PGP fingerprint: F708 E141 AE8D 2D38 E1BC DF3D 1719 3EA0 647D 7260
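The cipher-suite filtering suggested earlier in the thread (dropping RC4 and the 3DES suites before passing a list to the `{ciphers, [...]}` option), as an added example that is not part of any poster's message or of OTP itself. The module name `weak_suites` and its functions are hypothetical, and the sample suites are constructed; the three tuple/map shapes are handled because the representation of a suite differs between OTP releases.

```erlang
-module(weak_suites).
-export([strip_weak/1, demo/0]).

%% Ciphers to exclude: RC4 (the subject of this thread) and the
%% 64-bit-block DES/3DES ciphers (the Sweet32 reference in the thread).
-define(WEAK, [rc4_128, des_cbc, '3des_ede_cbc']).

%% A suite may be {KeyExchange, Cipher, Hash},
%% {KeyExchange, Cipher, Hash, Prf}, or a map with a `cipher` key,
%% depending on the OTP release that produced the list.
cipher_of({_Kex, Cipher, _Hash}) -> Cipher;
cipher_of({_Kex, Cipher, _Hash, _Prf}) -> Cipher;
cipher_of(#{cipher := Cipher}) -> Cipher.

%% Keep only suites whose bulk cipher is not in ?WEAK.
%% An unrecognised suite shape crashes with function_clause rather
%% than being silently kept, so a format change is noticed.
strip_weak(Suites) ->
    [S || S <- Suites, not lists:member(cipher_of(S), ?WEAK)].

%% Constructed sample input, not output captured from a real node.
demo() ->
    Sample = [{ecdhe_rsa, aes_256_gcm, null, sha384},
              {ecdhe_rsa, '3des_ede_cbc', sha},
              {rsa, rc4_128, sha},
              #{key_exchange => ecdhe_ecdsa, cipher => aes_128_gcm,
                mac => aead, prf => sha256},
              #{key_exchange => rsa, cipher => '3des_ede_cbc',
                mac => sha, prf => default_prf}],
    Kept = strip_weak(Sample),
    3 = length(Kept),   % the two AES-GCM tuples/maps and nothing weak
    Kept.
```

On a release where `ssl:cipher_suites()` is available as used in the thread, the result of `weak_suites:strip_weak(ssl:cipher_suites())` is what would be passed as the value of the `{ciphers, ...}` option.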