Summary
yaws_config.erl in Yaws loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine.
Products Potentially Affected
|
OS/Product
|
Exposure
|
|
Switch Engine (EXOS)
|
Investigating
|
Repair Recommendations
None.
Please see the full security advisory article here for more details and updates.
