| Field | Value | Date |
|---|---|---|
| author | Erlang/OTP <[email protected]> | 2017-11-22 15:56:17 +0100 |
| committer | Erlang/OTP <[email protected]> | 2017-11-22 15:56:17 +0100 |
| commit | 35dcf104061ea1d0afc30c614038c97a7cd93ddf (patch) | |
| tree | dc188ee54fb943b4cffcb7420a8cdb0c4b3c3b6b /lib/ssl/doc/src | |
| parent | 73a18c9fb79d05fea62d3e0128698d559bcfe3d5 (diff) | |
| download | otp-35dcf104061ea1d0afc30c614038c97a7cd93ddf.tar.gz, otp-35dcf104061ea1d0afc30c614038c97a7cd93ddf.tar.bz2, otp-35dcf104061ea1d0afc30c614038c97a7cd93ddf.zip | |
Update release notes
Diffstat (limited to 'lib/ssl/doc/src')

| Mode | File | Lines |
|---|---|---|
| -rw-r--r-- | lib/ssl/doc/src/notes.xml | 54 |

1 files changed, 54 insertions, 0 deletions
| diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 1e8de1a8a3..ecf183846a 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml 
@@ -28,6 +28,60 @@    <p>This document describes the changes made to the SSL application.</p> +<section><title>SSL 7.3.3.2</title> + +    <section><title>Fixed Bugs and Malfunctions</title> +      <list> +        <item> +	    <p> An erlang TLS server configured with cipher suites +	    using rsa key exchange, may be vulnerable to an Adaptive +	    Chosen Ciphertext attack (AKA Bleichenbacher attack) +	    against RSA, which when exploited, may result in +	    plaintext recovery of encrypted messages and/or a +	    Man-in-the-middle (MiTM) attack, despite the attacker not +	    having gained access to the server’s private key +	    itself. <url +	    href="https://nvd.nist.gov/vuln/detail/CVE-2017-1000385">CVE-2017-1000385</url> +	    </p> <p> Exploiting this vulnerability to perform +	    plaintext recovery of encrypted messages will, in most +	    practical cases, allow an attacker to read the plaintext +	    only after the session has completed. Only TLS sessions +	    established using RSA key exchange are vulnerable to this +	    attack. </p> <p> Exploiting this vulnerability to conduct +	    a MiTM attack requires the attacker to complete the +	    initial attack, which may require thousands of server +	    requests, during the handshake phase of the targeted +	    session within the window of the configured handshake +	    timeout. This attack may be conducted against any TLS +	    session using RSA signatures, but only if cipher suites +	    using RSA key exchange are also enabled on the server. +	    The limited window of opportunity, limitations in +	    bandwidth, and latency make this attack significantly +	    more difficult to execute. </p> <p> RSA key exchange is +	    enabled by default although least prioritized if server +	    order is honored. For such a cipher suite to be chosen it +	    must also be supported by the client and probably the +	    only shared cipher suite. 
</p> <p> Captured TLS sessions +	    encrypted with ephemeral cipher suites (DHE or ECDHE) are +	    not at risk for subsequent decryption due to this +	    vulnerability. </p> <p> As a workaround if default cipher +	    suite configuration was used you can configure the server +	    to not use vulnerable suites with the ciphers option like +	    this: </p> <c> {ciphers, [Suite || Suite <- +	    ssl:cipher_suites(), element(1,Suite) =/= rsa]} </c> <p> +	    that is your code will look somethingh like this: </p> +	    <c> ssl:listen(Port, [{ciphers, [Suite || Suite <- +	    ssl:cipher_suites(), element(1,S) =/= rsa]} | Options]). +	    </c> <p> Thanks to Hanno Böck, Juraj Somorovsky and +	    Craig Young for reporting this vulnerability. </p> +          <p> +	    Own Id: OTP-14748</p> +        </item> +      </list> +    </section> + +</section> +  <section><title>SSL 7.3.3.1</title>      <section><title>Fixed Bugs and Malfunctions</title> | 
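Review bot: the second workaround snippet in this hunk, `ssl:listen(Port, [{ciphers, [Suite || Suite <- ssl:cipher_suites(), element(1,S) =/= rsa]} | Options]).`, filters on `S`, which is never bound (the comprehension binds `Suite`), so the example as published will not compile; change it to `element(1,Suite) =/= rsa` so it matches the first snippet. The sentence introducing it also carries a typo, "somethingh" for "something".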
