diff options
Diffstat (limited to 'release-notes/OTP-18.3.4.1.1.README.txt')
-rw-r--r-- | release-notes/OTP-18.3.4.1.1.README.txt | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/release-notes/OTP-18.3.4.1.1.README.txt b/release-notes/OTP-18.3.4.1.1.README.txt new file mode 100644 index 0000000..b98ba1c --- /dev/null +++ b/release-notes/OTP-18.3.4.1.1.README.txt @@ -0,0 +1,88 @@ +Patch Package: OTP 18.3.4.1.1 +Git Tag: OTP-18.3.4.1.1 +Date: 2017-11-22 +Trouble Report Id: OTP-14748 +Seq num: +System: OTP +Release: 18 +Application: ssl-7.3.3.0.1 +Predecessor: OTP 18.3.4.1 + + Check out the git tag OTP-18.3.4.1.1, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- ssl-7.3.3.0.1 --------------------------------------------------- + --------------------------------------------------------------------- + + The ssl-7.3.3.0.1 application can be applied independently of other + applications on a full OTP 18 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-14748 Application(s): ssl + + An erlang TLS server configured with cipher suites + using rsa key exchange, may be vulnerable to an + Adaptive Chosen Ciphertext attack (AKA Bleichenbacher + attack) against RSA, which when exploited, may result + in plaintext recovery of encrypted messages and/or a + Man-in-the-middle (MiTM) attack, despite the attacker + not having gained access to the server’s private key + itself. CVE-2017-1000385 + + Exploiting this vulnerability to perform plaintext + recovery of encrypted messages will, in most practical + cases, allow an attacker to read the plaintext only + after the session has completed. Only TLS sessions + established using RSA key exchange are vulnerable to + this attack. + + Exploiting this vulnerability to conduct a MiTM attack + requires the attacker to complete the initial attack, + which may require thousands of server requests, during + the handshake phase of the targeted session within the + window of the configured handshake timeout. This attack + may be conducted against any TLS session using RSA + signatures, but only if cipher suites using RSA key + exchange are also enabled on the server. The limited + window of opportunity, limitations in bandwidth, and + latency make this attack significantly more difficult + to execute. + + RSA key exchange is enabled by default although least + prioritized if server order is honored. For such a + cipher suite to be chosen it must also be supported by + the client and probably the only shared cipher suite. + + Captured TLS sessions encrypted with ephemeral cipher + suites (DHE or ECDHE) are not at risk for subsequent + decryption due to this vulnerability. + + As a workaround if default cipher suite configuration + was used you can configure the server to not use + vulnerable suites with the ciphers option like this: + + {ciphers, [Suite || Suite <- ssl:cipher_suites(), + element(1,Suite) =/= rsa]} + + that is your code will look somethingh like this: + + ssl:listen(Port, [{ciphers, [Suite || Suite <- + ssl:cipher_suites(), element(1,S) =/= rsa]} | + Options]). + + Thanks to Hanno Böck, Juraj Somorovsky and Craig Young + for reporting this vulnerability. + + + Full runtime dependencies of ssl-7.3.3.0.1: crypto-3.3, erts-6.0, + inets-5.10.7, kernel-3.0, public_key-1.0, stdlib-2.0 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- |