From a1e85d3b8d686af2f09f324112baf07bcc472e4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <essen@ninenines.eu>
Date: Thu, 25 Jun 2020 13:45:04 +0200
Subject: More Ranch 2.0 doc updates

---
 docs/en/ranch/2.0/manual/ranch_ssl/index.html | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

(limited to 'docs/en/ranch/2.0/manual')

diff --git a/docs/en/ranch/2.0/manual/ranch_ssl/index.html b/docs/en/ranch/2.0/manual/ranch_ssl/index.html
index f6999be8..fa3b11ad 100644
--- a/docs/en/ranch/2.0/manual/ranch_ssl/index.html
+++ b/docs/en/ranch/2.0/manual/ranch_ssl/index.html
@@ -92,6 +92,7 @@ by Lorenzo Bettini
 http://www.lorenzobettini.it
 http://www.gnu.org/software/src-highlite -->
 <pre><tt><b><font color="#000000">ssl_opt</font></b>() <font color="#990000">=</font> {<font color="#FF6600">alpn_preferred_protocols</font>, [<b><font color="#000080">binary</font></b>()]}
+          | {<font color="#FF6600">anti_replay</font>, <font color="#FF6600">'10k'</font> | <font color="#FF6600">'100k'</font> | {<b><font color="#000080">integer</font></b>(), <b><font color="#000080">integer</font></b>(), <b><font color="#000080">integer</font></b>()}}
           | {<font color="#FF6600">beast_mitigation</font>, <font color="#FF6600">one_n_minus_one</font> | <font color="#FF6600">zero_n</font> | <font color="#FF6600">disabled</font>}
           | {<font color="#FF6600">cacertfile</font>, <b><font color="#000000">file:filename</font></b>()}
           | {<font color="#FF6600">cacerts</font>, [<b><font color="#000000">public_key:der_encoded</font></b>()]}
@@ -104,17 +105,19 @@ http://www.gnu.org/software/src-highlite -->
           | {<font color="#FF6600">depth</font>, <b><font color="#000080">integer</font></b>()}
           | {<font color="#FF6600">dh</font>, <b><font color="#000080">binary</font></b>()}
           | {<font color="#FF6600">dhfile</font>, <b><font color="#000000">file:filename</font></b>()}
-          | {<font color="#FF6600">eccs</font>, [<b><font color="#000080">atom</font></b>()]}
+          | {<font color="#FF6600">eccs</font>, [<b><font color="#000000">ssl:named_curve</font></b>()]}
           | {<font color="#FF6600">fail_if_no_peer_cert</font>, <b><font color="#000000">boolean</font></b>()}
           | {<font color="#FF6600">handshake</font>, <font color="#FF6600">hello</font> | <font color="#FF6600">full</font>}
           | {<font color="#FF6600">hibernate_after</font>, <b><font color="#000000">timeout</font></b>()}
           | {<font color="#FF6600">honor_cipher_order</font>, <b><font color="#000000">boolean</font></b>()}
           | {<font color="#FF6600">honor_ecc_order</font>, <b><font color="#000000">boolean</font></b>()}
           | {<font color="#FF6600">key</font>, <b><font color="#000000">ssl:key</font></b>()}
+          | {<font color="#FF6600">key_update_at</font>, <b><font color="#000000">pos_integer</font></b>()}
           | {<font color="#FF6600">keyfile</font>, <b><font color="#000000">file:filename</font></b>()}
           | {<font color="#FF6600">log_alert</font>, <b><font color="#000000">boolean</font></b>()}
           | {<font color="#FF6600">log_level</font>, <b><font color="#000000">logger:level</font></b>()}
           | {<font color="#FF6600">max_handshake_size</font>, <b><font color="#000080">integer</font></b>()}
+          | {<font color="#FF6600">middlebox_comp_mode</font>, <b><font color="#000000">boolean</font></b>()}
           | {<font color="#FF6600">next_protocols_advertised</font>, [<b><font color="#000080">binary</font></b>()]}
           | {<font color="#FF6600">padding_check</font>, <b><font color="#000000">boolean</font></b>()}
           | {<font color="#FF6600">partial_chain</font>, <b><font color="#0000FF">fun</font></b>()}
@@ -124,10 +127,12 @@ http://www.gnu.org/software/src-highlite -->
           | {<font color="#FF6600">reuse_session</font>, <b><font color="#0000FF">fun</font></b>()}
           | {<font color="#FF6600">reuse_sessions</font>, <b><font color="#000000">boolean</font></b>()}
           | {<font color="#FF6600">secure_renegotiate</font>, <b><font color="#000000">boolean</font></b>()}
+          | {<font color="#FF6600">session_tickets</font>, <font color="#FF6600">disabled</font> | <font color="#FF6600">stateful</font> | <font color="#FF6600">stateless</font>}
           | {<font color="#FF6600">signature_algs</font>, [{<b><font color="#000000">ssl:hash</font></b>(), <b><font color="#000000">ssl:sign_algo</font></b>()}]}
-          | {<font color="#FF6600">signature_algs_cert</font>, [<b><font color="#000080">atom</font></b>()]}
+          | {<font color="#FF6600">signature_algs_cert</font>, [<b><font color="#000000">ssl:sign_scheme</font></b>()]}
           | {<font color="#FF6600">sni_fun</font>, <b><font color="#0000FF">fun</font></b>()}
           | {<font color="#FF6600">sni_hosts</font>, [{<b><font color="#000000">string</font></b>(), <b><font color="#000000">ssl_opt</font></b>()}]}
+          | {<font color="#FF6600">supported_groups</font>, [<b><font color="#000000">ssl:group</font></b>()]}
           | {<font color="#FF6600">user_lookup_fun</font>, {<b><font color="#0000FF">fun</font></b>(), <b><font color="#000000">any</font></b>()}}
           | {<font color="#FF6600">verify</font>, <font color="#FF6600">verify_none</font> | <font color="#FF6600">verify_peer</font>}
           | {<font color="#FF6600">verify_fun</font>, {<b><font color="#0000FF">fun</font></b>(), <b><font color="#000000">any</font></b>()}}
@@ -139,6 +144,9 @@ http://www.gnu.org/software/src-highlite -->
 <dl><dt>alpn_preferred_protocols</dt>
 <dd><p>Perform Application-Layer Protocol Negotiation with the given list of preferred protocols.</p>
 </dd>
+<dt>anti_replay</dt>
+<dd><p>Configures the server&apos;s built-in anti replay feature based on Bloom filters.</p>
+</dd>
 <dt>beast_mitigation (one_n_minus_one)</dt>
 <dd><p>Change the BEAST mitigation strategy for SSL-3.0 and TLS-1.0 to interoperate with legacy software.</p>
 </dd>
@@ -197,6 +205,9 @@ http://www.gnu.org/software/src-highlite -->
 <dt>key</dt>
 <dd><p>DER encoded user private key.</p>
 </dd>
+<dt>key_update_at</dt>
+<dd><p>Configures the maximum amount of bytes that can be sent on a TLS 1.3 connection before an automatic key update is performed.</p>
+</dd>
 <dt>keyfile</dt>
 <dd><p>Path to the PEM encoded private key file, if different from the certfile.</p>
 </dd>
@@ -209,6 +220,9 @@ http://www.gnu.org/software/src-highlite -->
 <dt>max_handshake_size (256*1024)</dt>
 <dd><p>Used to limit the size of valid TLS handshake packets to avoid DoS attacks.</p>
 </dd>
+<dt>middlebox_comp_mode (true)</dt>
+<dd><p>Configures the middlebox compatibility mode on a TLS 1.3 connection.</p>
+</dd>
 <dt>next_protocols_advertised</dt>
 <dd><p>List of protocols to send to the client if it supports the Next Protocol extension.</p>
 </dd>
@@ -236,6 +250,9 @@ http://www.gnu.org/software/src-highlite -->
 <dt>secure_renegotiate (false)</dt>
 <dd><p>Whether to reject renegotiation attempts that do not conform to RFC5746.</p>
 </dd>
+<dt>session_tickets</dt>
+<dd><p>Configures the session ticket functionality.</p>
+</dd>
 <dt>signature_algs</dt>
 <dd><p>The TLS signature algorithm extension may be used, from TLS 1.2, to negotiate which signature algorithm to use during the TLS handshake.</p>
 </dd>
@@ -248,6 +265,9 @@ http://www.gnu.org/software/src-highlite -->
 <dt>sni_hosts</dt>
 <dd><p>Options to apply for the host that matches what the client requested with Server Name Indication.</p>
 </dd>
+<dt>supported_groups([x25519, x448, secp256r1, secp384r1])</dt>
+<dd><p>TLS 1.3 introduces the <code>supported_groups</code> extension that is used for negotiating the Diffie-Hellman parameters in a TLS 1.3 handshake. Both client and server can specify a list of parameters that they are willing to use.</p>
+</dd>
 <dt>user_lookup_fun</dt>
 <dd><p>Function called to determine the shared secret when using PSK, or provide parameters when using SRP.</p>
 </dd>
-- 
cgit v1.2.3