SSLv2 oldest version of erlang to support it?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SSLv2 oldest version of erlang to support it?

Vans S
Does anyone know which version of Erlang still supports SSLv2, we need to interop with some very legacy software inside a very secure network.

To my surprise SSLv2 is totally dropped from R20.2, its not even behind any special flags?

Which version of OTP would support SSLv2?

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: SSLv2 oldest version of erlang to support it?

Stanislaw Klekot
On Sat, Mar 10, 2018 at 04:57:17AM +0000, Vans S wrote:
> Does anyone know which version of Erlang still supports SSLv2, we need to interop with some very legacy software inside a very secure network.
>
> To my surprise SSLv2 is totally dropped from R20.2, its not even behind any special flags?
>
> Which version of OTP would support SSLv2?

R15 already has it unsupported, according to the manual. After
erldocs.com, you'd need to go as far as R13.

Why won't you wrap the connection with stunnel? You wouldn't need to
maintain a compilation of a really old Erlang version.

--
Stanislaw Klekot
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: SSLv2 oldest version of erlang to support it?

Ingela Andin
Hi!

2018-03-10 12:21 GMT+01:00 Stanislaw Klekot <[hidden email]>:
On Sat, Mar 10, 2018 at 04:57:17AM +0000, Vans S wrote:
> Does anyone know which version of Erlang still supports SSLv2, we need to interop with some very legacy software inside a very secure network.
>
> To my surprise SSLv2 is totally dropped from R20.2, its not even behind any special flags?


?   

SSLv2 has never been supported by the Erlang implementation of SSL/TLS. In R13 when OpenSSL was used v2 could of course be supported
if OpenSSL supported it.

There is still a special flag to interop with clients that offer SSLv2 but can use higher versions. 


{v2_hello_compatible, boolean()}
If true, the server accepts clients that send hello messages on SSL-2.0 format but offers supported SSL/TLS versions. Defaults to false, that is the server will not interoperate with clients that offers SSL-2.0.


However even SSLv3 is an outdated protocol considered insecure, and SSLv2 was obsoleted many years ago. We are considering dropping this last interop switch with SSLv2 enabled clients in OTP 21. There acctualy has been cases when valid hello messages of SSL/TLS are confused with SSLv2 hello messages.

Regards Ingela Erlang/OTP Team - Ericsson AB


 
 
> Which version of OTP would support SSLv2?

R15 already has it unsupported, according to the manual. After
erldocs.com, you'd need to go as far as R13.

Why won't you wrap the connection with stunnel? You wouldn't need to
maintain a compilation of a really old Erlang version.

--
Stanislaw Klekot
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions