From a1e85d3b8d686af2f09f324112baf07bcc472e4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?=
Date: Thu, 25 Jun 2020 13:45:04 +0200
Subject: More Ranch 2.0 doc updates
---
.../en/ranch/2.0/guide/migrating_from_1.7.asciidoc | 2 +-
.../ranch/2.0/guide/migrating_from_1.7/index.html | 2 +-
docs/en/ranch/2.0/manual/ranch_ssl/index.html | 24 ++++++++++++++++++++--
docs/index.xml | 2 +-
4 files changed, 25 insertions(+), 5 deletions(-)
(limited to 'docs')
diff --git a/docs/en/ranch/2.0/guide/migrating_from_1.7.asciidoc b/docs/en/ranch/2.0/guide/migrating_from_1.7.asciidoc
index d10d1fdf..3ed6d85d 100644
--- a/docs/en/ranch/2.0/guide/migrating_from_1.7.asciidoc
+++ b/docs/en/ranch/2.0/guide/migrating_from_1.7.asciidoc
@@ -160,4 +160,4 @@ for Erlang/OTP 19 and 20 has been removed. `ssl:ssl_accept/1,2`. * The `ranch_ssl:ssl_opt()` type has been updated to conform
- with Erlang/OTP 22.0.
+ with Erlang/OTP 23.0.
diff --git a/docs/en/ranch/2.0/guide/migrating_from_1.7/index.html b/docs/en/ranch/2.0/guide/migrating_from_1.7/index.html
index c943efae..186d66a8 100644
--- a/docs/en/ranch/2.0/guide/migrating_from_1.7/index.html
+++ b/docs/en/ranch/2.0/guide/migrating_from_1.7/index.html
@@ -138,7 +138,7 @@
  • Ranch now calls ssl:handshake/1,2,3 instead of ssl:ssl_accept/1,2.
  • -
  • The ranch_ssl:ssl_opt() type has been updated to conform with Erlang/OTP 22.0. +
  • The ranch_ssl:ssl_opt() type has been updated to conform with Erlang/OTP 23.0.
  •
diff --git a/docs/en/ranch/2.0/manual/ranch_ssl/index.html b/docs/en/ranch/2.0/manual/ranch_ssl/index.html
index f6999be8..fa3b11ad 100644
--- a/docs/en/ranch/2.0/manual/ranch_ssl/index.html
+++ b/docs/en/ranch/2.0/manual/ranch_ssl/index.html
@@ -92,6 +92,7 @@ by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite -->
    ssl_opt() = {alpn_preferred_protocols, [binary()]}
    +          | {anti_replay, '10k' | '100k' | {integer(), integer(), integer()}}
               | {beast_mitigation, one_n_minus_one | zero_n | disabled}
               | {cacertfile, file:filename()}
               | {cacerts, [public_key:der_encoded()]}
    @@ -104,17 +105,19 @@ http://www.gnu.org/software/src-highlite -->
               | {depth, integer()}
               | {dh, binary()}
               | {dhfile, file:filename()}
    -          | {eccs, [atom()]}
    +          | {eccs, [ssl:named_curve()]}
               | {fail_if_no_peer_cert, boolean()}
               | {handshake, hello | full}
               | {hibernate_after, timeout()}
               | {honor_cipher_order, boolean()}
               | {honor_ecc_order, boolean()}
               | {key, ssl:key()}
    +          | {key_update_at, pos_integer()}
               | {keyfile, file:filename()}
               | {log_alert, boolean()}
               | {log_level, logger:level()}
               | {max_handshake_size, integer()}
    +          | {middlebox_comp_mode, boolean()}
               | {next_protocols_advertised, [binary()]}
               | {padding_check, boolean()}
               | {partial_chain, fun()}
    @@ -124,10 +127,12 @@ http://www.gnu.org/software/src-highlite -->
               | {reuse_session, fun()}
               | {reuse_sessions, boolean()}
               | {secure_renegotiate, boolean()}
    +          | {session_tickets, disabled | stateful | stateless}
               | {signature_algs, [{ssl:hash(), ssl:sign_algo()}]}
    -          | {signature_algs_cert, [atom()]}
    +          | {signature_algs_cert, [ssl:sign_scheme()]}
               | {sni_fun, fun()}
               | {sni_hosts, [{string(), ssl_opt()}]}
    +          | {supported_groups, [ssl:group()]}
               | {user_lookup_fun, {fun(), any()}}
               | {verify, verify_none | verify_peer}
               | {verify_fun, {fun(), any()}}
    @@ -139,6 +144,9 @@ http://www.gnu.org/software/src-highlite -->
     
    alpn_preferred_protocols

    Perform Application-Layer Protocol Negotiation with the given list of preferred protocols.

    +
    anti_replay
    +

    Configures the server's built-in anti replay feature based on Bloom filters.

    +
    beast_mitigation (one_n_minus_one)

    Change the BEAST mitigation strategy for SSL-3.0 and TLS-1.0 to interoperate with legacy software.

    @@ -197,6 +205,9 @@ http://www.gnu.org/software/src-highlite -->
    key

    DER encoded user private key.

    +
    key_update_at
    +

    Configures the maximum amount of bytes that can be sent on a TLS 1.3 connection before an automatic key update is performed.

    +
    keyfile

    Path to the PEM encoded private key file, if different from the certfile.

    @@ -209,6 +220,9 @@ http://www.gnu.org/software/src-highlite -->
    max_handshake_size (256*1024)

    Used to limit the size of valid TLS handshake packets to avoid DoS attacks.

    +
    middlebox_comp_mode (true)
    +

    Configures the middlebox compatibility mode on a TLS 1.3 connection.

    +
    next_protocols_advertised

    List of protocols to send to the client if it supports the Next Protocol extension.

    @@ -236,6 +250,9 @@ http://www.gnu.org/software/src-highlite -->
    secure_renegotiate (false)

    Whether to reject renegotiation attempts that do not conform to RFC5746.

    +
    session_tickets
    +

    Configures the session ticket functionality.

    +
    signature_algs

    The TLS signature algorithm extension may be used, from TLS 1.2, to negotiate which signature algorithm to use during the TLS handshake.

    @@ -248,6 +265,9 @@ http://www.gnu.org/software/src-highlite -->
    sni_hosts

    Options to apply for the host that matches what the client requested with Server Name Indication.

    +
    supported_groups([x25519, x448, secp256r1, secp384r1])
    +

    TLS 1.3 introduces the supported_groups extension that is used for negotiating the Diffie-Hellman parameters in a TLS 1.3 handshake. Both client and server can specify a list of parameters that they are willing to use.

    +
    user_lookup_fun

    Function called to determine the shared secret when using PSK, or provide parameters when using SRP.

    diff --git a/docs/index.xml b/docs/index.xml
index 878665ab..b3d14cd6 100644
--- a/docs/index.xml
+++ b/docs/index.xml
@@ -12164,7 +12164,7 @@ Exports The module ranch_ssl implements the interface defined by ranch_transport Types opt() opt() :: ranch_tcp:opt() | ssl_opt() Listen options. The TCP options are defined in ranch_tcp(3). opts() opts() :: [opt()] List of listen options. -ssl_opt() ssl_opt() = {alpn_preferred_protocols, [binary()]} | {beast_mitigation, one_n_minus_one | zero_n | disabled} | {cacertfile, file:filename()} | {cacerts, [public_key:der_encoded()]} | {cert, public_key:der_encoded()} | {certfile, file:filename()} | {ciphers, ssl:ciphers()} | {client_renegotiation, boolean()} | {crl_cache, [any()]} | {crl_check, boolean() | peer | best_effort} | {depth, integer()} | {dh, binary()} | {dhfile, file:filename()} | {eccs, [atom()]} | {fail_if_no_peer_cert, boolean()} | {handshake, hello | full} | {hibernate_after, timeout()} | {honor_cipher_order, boolean()} | {honor_ecc_order, boolean()} | {key, ssl:key()} | {keyfile, file:filename()} | {log_alert, boolean()} | {log_level, logger:level()} | {max_handshake_size, integer()} | {next_protocols_advertised, [binary()]} | {padding_check, boolean()} | {partial_chain, fun()} | {password, string()} | {protocol, tls | dtls} | {psk_identity, string()} | {reuse_session, fun()} | {reuse_sessions, boolean()} | {secure_renegotiate, boolean()} | {signature_algs, [{ssl:hash(), ssl:sign_algo()}]} | {signature_algs_cert, [atom()]} | {sni_fun, fun()} | {sni_hosts, [{string(), ssl_opt()}]} | {user_lookup_fun, {fun(), any()}} | {verify, verify_none | verify_peer} | {verify_fun, {fun(), any()}} | {versions, [ssl:protocol_version()]} SSL-specific listen options. 
+ssl_opt() ssl_opt() = {alpn_preferred_protocols, [binary()]} | {anti_replay, '10k' | '100k' | {integer(), integer(), integer()}} | {beast_mitigation, one_n_minus_one | zero_n | disabled} | {cacertfile, file:filename()} | {cacerts, [public_key:der_encoded()]} | {cert, public_key:der_encoded()} | {certfile, file:filename()} | {ciphers, ssl:ciphers()} | {client_renegotiation, boolean()} | {crl_cache, [any()]} | {crl_check, boolean() | peer | best_effort} | {depth, integer()} | {dh, binary()} | {dhfile, file:filename()} | {eccs, [ssl:named_curve()]} | {fail_if_no_peer_cert, boolean()} | {handshake, hello | full} | {hibernate_after, timeout()} | {honor_cipher_order, boolean()} | {honor_ecc_order, boolean()} | {key, ssl:key()} | {key_update_at, pos_integer()} | {keyfile, file:filename()} | {log_alert, boolean()} | {log_level, logger:level()} | {max_handshake_size, integer()} | {middlebox_comp_mode, boolean()} | {next_protocols_advertised, [binary()]} | {padding_check, boolean()} | {partial_chain, fun()} | {password, string()} | {protocol, tls | dtls} | {psk_identity, string()} | {reuse_session, fun()} | {reuse_sessions, boolean()} | {secure_renegotiate, boolean()} | {session_tickets, disabled | stateful | stateless} | {signature_algs, [{ssl:hash(), ssl:sign_algo()}]} | {signature_algs_cert, [ssl:sign_scheme()]} | {sni_fun, fun()} | {sni_hosts, [{string(), ssl_opt()}]} | {supported_groups, [ssl:group()]} | {user_lookup_fun, {fun(), any()}} | {verify, verify_none | verify_peer} | {verify_fun, {fun(), any()}} | {versions, [ssl:protocol_version()]} SSL-specific listen options. -- cgit v1.2.3