aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2017-11-23 15:31:29 +0100
committerIngela Anderton Andin <[email protected]>2017-11-23 15:31:29 +0100
commit8c3a10c0049fb197f438fef5380a85d7e1c53396 (patch)
treed9d9c78f8f8606d6161f472d9a71ff9d4c095a52 /lib/ssl/doc
parent8c54c2199c503e7eac931b4e1765f5307726dcc8 (diff)
parent7dd7c1aad07b726759dc98bb2a439e32d2e833f1 (diff)
downloadotp-8c3a10c0049fb197f438fef5380a85d7e1c53396.tar.gz
otp-8c3a10c0049fb197f438fef5380a85d7e1c53396.tar.bz2
otp-8c3a10c0049fb197f438fef5380a85d7e1c53396.zip
Merge tag 'OTP-18.3.4.1.1' into maint-18
=== OTP-18.3.4.1.1 === Changed Applications: - ssl-7.3.3.0.1 Unchanged Applications: - asn1-4.0.2 - common_test-1.12.1 - compiler-6.0.3 - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2.1 - cosProperty-1.2 - cosTime-1.2.1 - cosTransactions-1.3.1 - crypto-3.6.3 - debugger-4.1.2 - dialyzer-2.9 - diameter-1.11.2 - edoc-0.7.18 - eldap-1.2.1 - erl_docgen-0.4.2 - erl_interface-3.8.2 - erts-7.3.1 - et-1.5.1 - eunit-2.2.13 - gs-1.6 - hipe-3.15 - ic-4.4 - inets-6.2.4 - jinterface-1.6.1 - kernel-4.2 - megaco-3.18 - mnesia-4.13.4 - observer-2.1.2 - odbc-2.11.1 - orber-3.8.1 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - parsetools-2.1.1 - percept-0.8.11 - public_key-1.1.1 - reltool-0.7 - runtime_tools-1.9.3 - sasl-2.7 - snmp-5.2.2 - ssh-4.2.2.1 - stdlib-2.8 - syntax_tools-1.7 - test_server-3.10 - tools-2.8.3 - typer-0.9.10 - webtool-0.9.1 - wx-1.6.1 - xmerl-1.3.10 Conflicts: OTP_VERSION lib/ssl/vsn.mk otp_versions.table
Diffstat (limited to 'lib/ssl/doc')
-rw-r--r--lib/ssl/doc/src/notes.xml55
1 files changed, 54 insertions, 1 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index ecf183846a..0ba0bb9634 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -27,7 +27,6 @@
</header>
<p>This document describes the changes made to the SSL application.</p>
-
<section><title>SSL 7.3.3.2</title>
<section><title>Fixed Bugs and Malfunctions</title>
@@ -102,6 +101,60 @@
</section>
+ <section><title>SSL 7.3.3.0.1</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p> An erlang TLS server configured with cipher suites
+ using rsa key exchange, may be vulnerable to an Adaptive
+ Chosen Ciphertext attack (AKA Bleichenbacher attack)
+ against RSA, which when exploited, may result in
+ plaintext recovery of encrypted messages and/or a
+ Man-in-the-middle (MiTM) attack, despite the attacker not
+ having gained access to the server’s private key
+ itself. <url
+ href="https://nvd.nist.gov/vuln/detail/CVE-2017-1000385">CVE-2017-1000385</url>
+ </p> <p> Exploiting this vulnerability to perform
+ plaintext recovery of encrypted messages will, in most
+ practical cases, allow an attacker to read the plaintext
+ only after the session has completed. Only TLS sessions
+ established using RSA key exchange are vulnerable to this
+ attack. </p> <p> Exploiting this vulnerability to conduct
+ a MiTM attack requires the attacker to complete the
+ initial attack, which may require thousands of server
+ requests, during the handshake phase of the targeted
+ session within the window of the configured handshake
+ timeout. This attack may be conducted against any TLS
+ session using RSA signatures, but only if cipher suites
+ using RSA key exchange are also enabled on the server.
+ The limited window of opportunity, limitations in
+ bandwidth, and latency make this attack significantly
+ more difficult to execute. </p> <p> RSA key exchange is
+ enabled by default although least prioritized if server
+ order is honored. For such a cipher suite to be chosen it
+ must also be supported by the client and probably the
+ only shared cipher suite. </p> <p> Captured TLS sessions
+ encrypted with ephemeral cipher suites (DHE or ECDHE) are
+ not at risk for subsequent decryption due to this
+ vulnerability. </p> <p> As a workaround if default cipher
+ suite configuration was used you can configure the server
+ to not use vulnerable suites with the ciphers option like
+ this: </p> <c> {ciphers, [Suite || Suite &lt;-
+ ssl:cipher_suites(), element(1,Suite) =/= rsa]} </c> <p>
+ that is your code will look somethingh like this: </p>
+ <c> ssl:listen(Port, [{ciphers, [Suite || Suite &lt;-
+ ssl:cipher_suites(), element(1,S) =/= rsa]} | Options]).
+ </c> <p> Thanks to Hanno Böck, Juraj Somorovsky and
+ Craig Young for reporting this vulnerability. </p>
+ <p>
+ Own Id: OTP-14748</p>
+ </item>
+ </list>
+ </section>
+
+ </section>
+
<section><title>SSL 7.3.3</title>
<section><title>Fixed Bugs and Malfunctions</title>