Diffstat (limited to 'docs/en/ranch')
-rw-r--r-- | docs/en/ranch/2.0/guide/migrating_from_1.7.asciidoc | 2
-rw-r--r-- | docs/en/ranch/2.0/guide/migrating_from_1.7/index.html | 2
-rw-r--r-- | docs/en/ranch/2.0/manual/ranch_ssl/index.html | 24
3 files changed, 24 insertions, 4 deletions
diff --git a/docs/en/ranch/2.0/guide/migrating_from_1.7.asciidoc b/docs/en/ranch/2.0/guide/migrating_from_1.7.asciidoc index d10d1fdf..3ed6d85d 100644 --- a/docs/en/ranch/2.0/guide/migrating_from_1.7.asciidoc +++ b/docs/en/ranch/2.0/guide/migrating_from_1.7.asciidoc @@ -160,4 +160,4 @@ for Erlang/OTP 19 and 20 has been removed. `ssl:ssl_accept/1,2`. * The `ranch_ssl:ssl_opt()` type has been updated to conform - with Erlang/OTP 22.0. + with Erlang/OTP 23.0. diff --git a/docs/en/ranch/2.0/guide/migrating_from_1.7/index.html b/docs/en/ranch/2.0/guide/migrating_from_1.7/index.html index c943efae..186d66a8 100644 --- a/docs/en/ranch/2.0/guide/migrating_from_1.7/index.html +++ b/docs/en/ranch/2.0/guide/migrating_from_1.7/index.html @@ -138,7 +138,7 @@ </li> <li>Ranch now calls <code>ssl:handshake/1,2,3</code> instead of <code>ssl:ssl_accept/1,2</code>. </li> -<li>The <code>ranch_ssl:ssl_opt()</code> type has been updated to conform with Erlang/OTP 22.0. +<li>The <code>ranch_ssl:ssl_opt()</code> type has been updated to conform with Erlang/OTP 23.0. </li> </ul> diff --git a/docs/en/ranch/2.0/manual/ranch_ssl/index.html b/docs/en/ranch/2.0/manual/ranch_ssl/index.html index f6999be8..fa3b11ad 100644 --- a/docs/en/ranch/2.0/manual/ranch_ssl/index.html +++ b/docs/en/ranch/2.0/manual/ranch_ssl/index.html 
@@ -92,6 +92,7 @@ by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> <pre><tt><b><font color="#000000">ssl_opt</font></b>() <font color="#990000">=</font> {<font color="#FF6600">alpn_preferred_protocols</font>, [<b><font color="#000080">binary</font></b>()]} + | {<font color="#FF6600">anti_replay</font>, <font color="#FF6600">'10k'</font> | <font color="#FF6600">'100k'</font> | {<b><font color="#000080">integer</font></b>(), <b><font color="#000080">integer</font></b>(), <b><font color="#000080">integer</font></b>()}} | {<font color="#FF6600">beast_mitigation</font>, <font color="#FF6600">one_n_minus_one</font> | <font color="#FF6600">zero_n</font> | <font color="#FF6600">disabled</font>} | {<font color="#FF6600">cacertfile</font>, <b><font color="#000000">file:filename</font></b>()} | {<font color="#FF6600">cacerts</font>, [<b><font color="#000000">public_key:der_encoded</font></b>()]} 
@@ -104,17 +105,19 @@ http://www.gnu.org/software/src-highlite --> | {<font color="#FF6600">depth</font>, <b><font color="#000080">integer</font></b>()} | {<font color="#FF6600">dh</font>, <b><font color="#000080">binary</font></b>()} | {<font color="#FF6600">dhfile</font>, <b><font color="#000000">file:filename</font></b>()} - | {<font color="#FF6600">eccs</font>, [<b><font color="#000080">atom</font></b>()]} + | {<font color="#FF6600">eccs</font>, [<b><font color="#000000">ssl:named_curve</font></b>()]} | {<font color="#FF6600">fail_if_no_peer_cert</font>, <b><font color="#000000">boolean</font></b>()} | {<font color="#FF6600">handshake</font>, <font color="#FF6600">hello</font> | <font color="#FF6600">full</font>} | {<font color="#FF6600">hibernate_after</font>, <b><font color="#000000">timeout</font></b>()} | {<font color="#FF6600">honor_cipher_order</font>, <b><font color="#000000">boolean</font></b>()} | {<font color="#FF6600">honor_ecc_order</font>, <b><font color="#000000">boolean</font></b>()} | {<font color="#FF6600">key</font>, <b><font color="#000000">ssl:key</font></b>()} + | {<font color="#FF6600">key_update_at</font>, <b><font color="#000000">pos_integer</font></b>()} | {<font color="#FF6600">keyfile</font>, <b><font color="#000000">file:filename</font></b>()} | {<font color="#FF6600">log_alert</font>, <b><font color="#000000">boolean</font></b>()} | {<font color="#FF6600">log_level</font>, <b><font color="#000000">logger:level</font></b>()} | {<font color="#FF6600">max_handshake_size</font>, <b><font color="#000080">integer</font></b>()} + | {<font color="#FF6600">middlebox_comp_mode</font>, <b><font color="#000000">boolean</font></b>()} | {<font color="#FF6600">next_protocols_advertised</font>, [<b><font color="#000080">binary</font></b>()]} | {<font color="#FF6600">padding_check</font>, <b><font color="#000000">boolean</font></b>()} | {<font color="#FF6600">partial_chain</font>, <b><font color="#0000FF">fun</font></b>()} 
@@ -124,10 +127,12 @@ http://www.gnu.org/software/src-highlite --> | {<font color="#FF6600">reuse_session</font>, <b><font color="#0000FF">fun</font></b>()} | {<font color="#FF6600">reuse_sessions</font>, <b><font color="#000000">boolean</font></b>()} | {<font color="#FF6600">secure_renegotiate</font>, <b><font color="#000000">boolean</font></b>()} + | {<font color="#FF6600">session_tickets</font>, <font color="#FF6600">disabled</font> | <font color="#FF6600">stateful</font> | <font color="#FF6600">stateless</font>} | {<font color="#FF6600">signature_algs</font>, [{<b><font color="#000000">ssl:hash</font></b>(), <b><font color="#000000">ssl:sign_algo</font></b>()}]} - | {<font color="#FF6600">signature_algs_cert</font>, [<b><font color="#000080">atom</font></b>()]} + | {<font color="#FF6600">signature_algs_cert</font>, [<b><font color="#000000">ssl:sign_scheme</font></b>()]} | {<font color="#FF6600">sni_fun</font>, <b><font color="#0000FF">fun</font></b>()} | {<font color="#FF6600">sni_hosts</font>, [{<b><font color="#000000">string</font></b>(), <b><font color="#000000">ssl_opt</font></b>()}]} + | {<font color="#FF6600">supported_groups</font>, [<b><font color="#000000">ssl:group</font></b>()]} | {<font color="#FF6600">user_lookup_fun</font>, {<b><font color="#0000FF">fun</font></b>(), <b><font color="#000000">any</font></b>()}} | {<font color="#FF6600">verify</font>, <font color="#FF6600">verify_none</font> | <font color="#FF6600">verify_peer</font>} | {<font color="#FF6600">verify_fun</font>, {<b><font color="#0000FF">fun</font></b>(), <b><font color="#000000">any</font></b>()}} 
@@ -139,6 +144,9 @@ http://www.gnu.org/software/src-highlite --> <dl><dt>alpn_preferred_protocols</dt> <dd><p>Perform Application-Layer Protocol Negotiation with the given list of preferred protocols.</p> </dd> +<dt>anti_replay</dt> +<dd><p>Configures the server's built-in anti replay feature based on Bloom filters.</p> +</dd> <dt>beast_mitigation (one_n_minus_one)</dt> <dd><p>Change the BEAST mitigation strategy for SSL-3.0 and TLS-1.0 to interoperate with legacy software.</p> </dd> @@ -197,6 +205,9 @@ http://www.gnu.org/software/src-highlite --> <dt>key</dt> <dd><p>DER encoded user private key.</p> </dd> +<dt>key_update_at</dt> +<dd><p>Configures the maximum amount of bytes that can be sent on a TLS 1.3 connection before an automatic key update is performed.</p> +</dd> <dt>keyfile</dt> <dd><p>Path to the PEM encoded private key file, if different from the certfile.</p> </dd> @@ -209,6 +220,9 @@ http://www.gnu.org/software/src-highlite --> <dt>max_handshake_size (256*1024)</dt> <dd><p>Used to limit the size of valid TLS handshake packets to avoid DoS attacks.</p> </dd> +<dt>middlebox_comp_mode (true)</dt> +<dd><p>Configures the middlebox compatibility mode on a TLS 1.3 connection.</p> +</dd> <dt>next_protocols_advertised</dt> <dd><p>List of protocols to send to the client if it supports the Next Protocol extension.</p> </dd> @@ -236,6 +250,9 @@ http://www.gnu.org/software/src-highlite --> <dt>secure_renegotiate (false)</dt> <dd><p>Whether to reject renegotiation attempts that do not conform to RFC5746.</p> </dd> +<dt>session_tickets</dt> +<dd><p>Configures the session ticket functionality.</p> +</dd> <dt>signature_algs</dt> <dd><p>The TLS signature algorithm extension may be used, from TLS 1.2, to negotiate which signature algorithm to use during the TLS handshake.</p> </dd> 
@@ -248,6 +265,9 @@ http://www.gnu.org/software/src-highlite --> <dt>sni_hosts</dt> <dd><p>Options to apply for the host that matches what the client requested with Server Name Indication.</p> </dd> +<dt>supported_groups([x25519, x448, secp256r1, secp384r1])</dt> +<dd><p>TLS 1.3 introduces the <code>supported_groups</code> extension that is used for negotiating the Diffie-Hellman parameters in a TLS 1.3 handshake. Both client and server can specify a list of parameters that they are willing to use.</p> +</dd> <dt>user_lookup_fun</dt> <dd><p>Function called to determine the shared secret when using PSK, or provide parameters when using SRP.</p> </dd> |
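Review bot: the `anti_replay` description added in the `@@ -139,6 +144,9 @@` hunk does not explain the values the type accepts. The type hunk at `@@ -92,6 +92,7 @@` allows `'10k'`, `'100k'` or `{integer(), integer(), integer()}`, but the new `<dd>` only says the feature is "based on Bloom filters". Please say what the two presets select and what each of the three integers in the tuple controls, and give the default in the `<dt>` the way `beast_mitigation (one_n_minus_one)` does just below it, so an operator can tell whether replay protection is active without reading the OTP sources.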
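Review bot: the `key_update_at` entry in the `@@ -197,6 +205,9 @@` hunk gives no default, while neighbouring entries such as `max_handshake_size (256*1024)` carry theirs in the `<dt>`. Since the type is `pos_integer()` and the value bounds how much data is sent under one TLS 1.3 key, the default belongs in the heading. Minor wording point in the same `<dd>`: "maximum amount of bytes" reads better as "maximum number of bytes".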
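Review bot: the `session_tickets` description in the `@@ -236,6 +250,9 @@` hunk, "Configures the session ticket functionality.", restates the option name and leaves the three values undocumented. The type hunk at `@@ -124,10 +127,12 @@` lists `disabled | stateful | stateless`; the `<dd>` should say what each one does and which is the default, following the `secure_renegotiate (false)` heading style visible in the same hunk. It would also help to state here how this option relates to `anti_replay`, which this patch adds alongside it.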
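Review bot: the heading `<dt>supported_groups([x25519, x448, secp256r1, secp384r1])</dt>` in the `@@ -248,6 +265,9 @@` hunk is missing the space before the default that every other entry uses, for example `middlebox_comp_mode (true)` and `max_handshake_size (256*1024)`. As written it reads like a function call rather than an option with its default; suggest `supported_groups ([x25519, x448, secp256r1, secp384r1])`. The description could also state that the list is in order of preference, if that is the case, since the type `[ssl:group()]` alone does not say.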