FYI

---------- Forwarded message ----------
From: Andreas Schultz <[email protected]>
Date: Tue, Dec 9, 2014 at 12:21 PM
Subject: [erlang-questions] POODLE 2.0 and Erlang
To: Erlang <[email protected]>
Hi,

The SSL POODLE attack is back and this time it affects TLS 1.0:

https://www.imperialviolet.org/2014/12/08/poodleagain.html

The blog entry refers to an interesting discussion on the TLS WG mailing list:

https://www.ietf.org/mail-archive/web/tls/current/msg14072.html

I went to check the Erlang SSL stack and it does contain this comment:

    %% For interoperability reasons we do not check the padding content in
    %% SSL 3.0 and TLS 1.0 as it is not strictly required and breaks
    %% interopability with for instance Google.

In other words, Erlang's TLS 1.0 implementation is 100% RFC compliant and still vulnerable to a POODLE attack on TLS 1.0.

For the paranoid, this is a quick fix hack to check padding bytes on TLS 1.0:

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index a6e5e1b..9e23229 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1638,8 +1638,7 @@ generic_stream_cipher_from_bin(T, HashSz) ->
 %% SSL 3.0 and TLS 1.0 as it is not strictly required and breaks
 %% interopability with for instance Google.
 is_correct_padding(#generic_block_cipher{padding_length = Len,
-                                         padding = Padding}, {3, N})
-  when N == 0; N == 1 ->
+                                         padding = Padding}, {3, 0}) ->
     Len == byte_size(Padding);
 %% Padding must be check in TLS 1.1 and after
 is_correct_padding(#generic_block_cipher{padding_length = Len,

Andreas
--
-- Dipl. Inform. Andreas Schultz

_______________________________________________
erlang-questions mailing list
[email protected]
http://erlang.org/mailman/listinfo/erlang-questions
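Review bot: the comment in the leading context lines of the hunk ("%% SSL 3.0 and TLS 1.0 as it is not strictly required and breaks / %% interopability with for instance Google.") still states that padding content is skipped for TLS 1.0, which is no longer true once the guard `{3, N}) when N == 0; N == 1 ->` is narrowed to `{3, 0}) ->`; update the comment so it names only SSL 3.0 (and fix the "interopability" spelling while there). Because the existing comment records that the stricter check breaks interoperability with some peers, this is better exposed as an ssl option than changed unconditionally; the patch description itself calls it a hack for the paranoid.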

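The following is an added illustration of the version-dependent padding check the post is about; it is not code from Erlang/OTP or from the post. It splits a decrypted TLS block-cipher record (content || MAC || padding || padding_length) and applies either the length-only check (SSL 3.0, and TLS 1.0 before the hack) or the byte-content check (TLS 1.1+, and TLS 1.0 after the hack). Version tuples follow the Erlang code, `(3, 0)` for SSL 3.0 and `(3, 1)` for TLS 1.0; the sample records, MAC size and the `strict_tls10` flag are constructed assumptions.

```python
# Added example, not OTP code: GenericBlockCipher padding check as done
# by the is_correct_padding/2 clauses, before and after the patch.
SSL_3_0 = (3, 0)
TLS_1_0 = (3, 1)
TLS_1_1 = (3, 2)


def is_correct_padding(padding: bytes, padding_length: int, version: tuple,
                       strict_tls10: bool) -> bool:
    """strict_tls10=False is the original behaviour for TLS 1.0 (length only,
    for interoperability); True is the behaviour after the patch (TLS 1.0
    falls through to the TLS 1.1+ clause that checks every padding byte)."""
    if version == SSL_3_0 or (version == TLS_1_0 and not strict_tls10):
        return len(padding) == padding_length        # content is NOT inspected
    # RFC 4346 6.2.3.2: each padding byte must equal padding_length.
    # A production check must also run in constant time and always verify
    # the MAC, otherwise the reject path itself becomes a timing oracle.
    return len(padding) == padding_length and all(b == padding_length for b in padding)


def split_block_cipher_plaintext(plaintext: bytes, mac_size: int, version: tuple,
                                 strict_tls10: bool):
    """Return (content, mac) for a decrypted record, or None if it is malformed."""
    if len(plaintext) < 1:
        return None
    padding_length = plaintext[-1]
    if padding_length + 1 + mac_size > len(plaintext):
        return None
    padding = plaintext[len(plaintext) - 1 - padding_length:-1]
    if not is_correct_padding(padding, padding_length, version, strict_tls10):
        return None
    body = plaintext[:len(plaintext) - 1 - padding_length]
    return body[:len(body) - mac_size], body[len(body) - mac_size:]


# Constructed sample records: 16 bytes of content, a 20-byte (SHA-1 sized)
# dummy MAC and 11 padding bytes plus the length byte, 48 bytes in all.
MAC_SIZE = 20
CONTENT = b"GET / HTTP/1.0\r\n"
DUMMY_MAC = b"\xaa" * MAC_SIZE
GOOD_RECORD = CONTENT + DUMMY_MAC + b"\x0b" * 11 + b"\x0b"   # well-formed padding
BAD_RECORD = CONTENT + DUMMY_MAC + b"\x00" * 11 + b"\x0b"    # only the length byte is right

if __name__ == "__main__":
    for ver, strict in ((SSL_3_0, False), (TLS_1_0, False), (TLS_1_0, True), (TLS_1_1, False)):
        accepted = split_block_cipher_plaintext(BAD_RECORD, MAC_SIZE, ver, strict) is not None
        print(ver, "strict" if strict else "lax", "accepts garbage padding:", accepted)
```

Run stand-alone it shows that the garbage-padding record is accepted under SSL 3.0 and unpatched TLS 1.0 but rejected under patched TLS 1.0 and TLS 1.1.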