https://bugzilla.redhat.com/show_bug.cgi?id=1206714
--- Comment #4 from David A. Cafaro <[email protected]> ---
Looking upstream it appears a patch for this was added in Release 17.5 and later.

http://www.erlang.org/download/otp_src_17.5.readme

"OTP-12420 Application(s): ssl
*** POTENTIAL INCOMPATIBILITY ***
Add padding check for TLS-1.0 to remove Poodle vulnerability from TLS 1.0, also add the option padding_check. This option only affects TLS-1.0 connections and if set to false it disables the block cipher padding check to be able to interoperate with legacy software.

OTP-12458 Application(s): ssl
Add support for TLS_FALLBACK_SCSV used to prevent undesired TLS version downgrades. If used by a client that is vulnerable to the POODLE attack, and the server also supports TLS_FALLBACK_SCSV, the attack can be prevented."

I have not found a back port to the current Release 14 Beta 4 in the repos. Do we have any status on a fix for this?
