Erlang by default does not validate ssl certificates when performing https, unless explicit tinstructed to do so. This are insane insecure defaults, that open them to MitM attacks.
-
-
-
That is because we are insanely backwards compatible! Probably will be the next default value to go.
- Još 5 drugih odgovora
Novi razgovor -
-
-
There are some interesting issues with ssl/tls in recent Erlang versions as well. On edge cases, but still. Anything planned to improve testing of ssl library?
-
We are countinously improving testing. Almost all of the issus are timing related and optimzations tend to change timing, which is also the an area that is hardest to test.
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.