<?xml version="1.0" encoding="iso-8859-1" ?>
<!DOCTYPE chapter SYSTEM "chapter.dtd">
<chapter>
<header>
<copyright>
<year>1999</year><year>2012</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
The contents of this file are subject to the Erlang Public License,
Version 1.1, (the "License"); you may not use this file except in
compliance with the License. You should have received a copy of the
Erlang Public License along with this software. If not, it can be
retrieved online at http://www.erlang.org/.
Software distributed under the License is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
the License for the specific language governing rights and limitations
under the License.
</legalnotice>
<title>SSL Release Notes</title>
<prepared>Peter Högfeldt</prepared>
<docno></docno>
<date>2003-08-03</date>
<rev>G</rev>
<file>notes.xml</file>
</header>
<p>This document describes the changes made to the SSL application.</p>
<section><title>SSL 5.2.1.4</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Fix broken appup</p>
<p>
Own Id: OTP-12878</p>
</item>
</list>
</section>
</section>
<section><title>SSL 5.2.1.3</title>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Add padding check for TLS-1.0 to remove Poodle
vulnerability from TLS 1.0 Also supply a working SSL/TLS
protocol version option to be able to disable SSL-3.0 via
connect/listen options.</p>
<p>
Own Id: OTP-12561</p>
</item>
</list>
</section>
</section>
<section><title>SSL 5.1.2.1</title>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Make log_alert configurable as option in ssl, SSLLogLevel
added as option to inets conf file</p>
<p>
Own Id: OTP-11259</p>
</item>
</list>
</section>
</section>
<section><title>SSL 5.1.2</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
ssl:ssl_accept/2 timeout is no longer ignored</p>
<p>
Own Id: OTP-10600</p>
</item>
</list>
</section>
</section>
<section><title>SSL 5.1.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
ssl:recv/3 could "loose" data when the timeout occurs. If
the timout in ssl:connect or ssl:ssl_accept expired the
ssl connection process was not terminated as it should,
this due to gen_fsm:send_all_state_event timout is a
client side time out. These timouts are now handled by
the gen_fsm-procss instead.</p>
<p>
Own Id: OTP-10569</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Better termination handling that avoids hanging.</p>
<p>
Own Id: OTP-10574</p>
</item>
</list>
</section>
</section>
<section><title>SSL 5.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Sometimes the client process could receive an extra
{error, closed} message after ssl:recv had returned
{error, closed}.</p>
<p>
Own Id: OTP-10118</p>
</item>
<item>
<p>
ssl v3 alert number 41 (no_certificate_RESERVED) is now
recognized</p>
<p>
Own Id: OTP-10196</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Experimental support for TLS 1.1 is now available, will
be officially supported from OTP-R16. Thanks to Andreas
Schultz for implementing the first version.</p>
<p>
Own Id: OTP-8871</p>
</item>
<item>
<p>
Experimental support for TLS 1.2 is now available, will
be officially supported from OTP-R16. Thanks to Andreas
Schultz for implementing the first version.</p>
<p>
Own Id: OTP-8872</p>
</item>
<item>
<p>
Removed some bottlenecks increasing the applications
parallelism especially for the client side.</p>
<p>
Own Id: OTP-10113</p>
</item>
<item>
<p>
Workaround for handling certificates that wrongly encode
X509countryname in utf-8 when the actual value is a valid
ASCCI value of length 2. Such certificates are accepted
by many browsers such as Chrome and Fierfox so for
interoperability reasons we will too.</p>
<p>
Own Id: OTP-10222</p>
</item>
</list>
</section>
</section>
<section><title>SSL 5.0.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Robustness and improvement to distribution over SSL</p>
<p>
Fix a bug where ssl_tls_dist_proxy would crash at caller
timeout. Fix a bug where a timeout from the SSL layer
would block the distribution indefinately. Run the proxy
exclusively on the loopback interface. (Thanks to Paul
Guyot)</p>
<p>
Own Id: OTP-9915</p>
</item>
<item>
<p>
Fix setup loop of SSL TLS dist proxy</p>
<p>
Fix potential leak of processes waiting indefinately for
data from closed sockets during socket setup phase.
(Thanks to Paul Guyot)</p>
<p>
Own Id: OTP-9916</p>
</item>
<item>
<p>
Correct spelling of registered (Thanks to Richard
Carlsson)</p>
<p>
Own Id: OTP-9925</p>
</item>
<item>
<p>
Added TLS PRF function to the SSL API for generation of
additional key material from a TLS session. (Thanks to
Andreas Schultz)</p>
<p>
Own Id: OTP-10024</p>
</item>
</list>
</section>
</section>
<section><title>SSL 5.0</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Invalidation handling of sessions could cause the
time_stamp field in the session record to be set to
undefined crashing the session clean up process. This did
not affect the connections but would result in that the
session table would grow.</p>
<p>
Own Id: OTP-9696 Aux Id: seq11947 </p>
</item>
<item>
<p>
Changed code to use ets:foldl and throw instead of
ets:next traversal, avoiding the need to explicitly call
ets:safe_fixtable. It was possible to get a badarg-crash
under special circumstances.</p>
<p>
Own Id: OTP-9703 Aux Id: seq11947 </p>
</item>
<item>
<p>
Send ssl_closed notification to active ssl user when a
tcp error occurs.</p>
<p>
Own Id: OTP-9734 Aux Id: seq11946 </p>
</item>
<item>
<p>
If a passive receive was ongoing during a renegotiation
the process evaluating ssl:recv could be left hanging for
ever.</p>
<p>
Own Id: OTP-9744</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Support for the old ssl implementation is dropped and the
code is removed.</p>
<p>
Own Id: OTP-7048</p>
</item>
<item>
<p>
The erlang distribution can now be run over the new ssl
implementation. All options can currently not be set but
it is enough to replace to old ssl implementation.</p>
<p>
Own Id: OTP-7053</p>
</item>
<item>
<p>
public_key, ssl and crypto now supports PKCS-8</p>
<p>
Own Id: OTP-9312</p>
</item>
<item>
<p>
Implements a CBC timing attack counter measure. Thanks to
Andreas Schultz for providing the patch.</p>
<p>
Own Id: OTP-9683</p>
</item>
<item>
<p>
Mitigates an SSL/TLS Computational DoS attack by
disallowing the client to renegotiate many times in a row
in a short time interval, thanks to Tuncer Ayaz for
alerting us about this.</p>
<p>
Own Id: OTP-9739</p>
</item>
<item>
<p>
Implements the 1/n-1 splitting countermeasure to the
Rizzo Duong BEAST attack, affects SSL 3.0 and TLS 1.0.
Thanks to Tuncer Ayaz for alerting us about this.</p>
<p>
Own Id: OTP-9750</p>
</item>
</list>
</section>
</section>
<section><title>SSL 4.1.6</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
replace "a ssl" with "an ssl" reindent
pkix_path_validation/3 Trivial documentation fixes
(Thanks to Christian von Roques )</p>
<p>
Own Id: OTP-9464</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Adds function clause to avoid denial of service attack.
Thanks to Vinod for reporting this vulnerability.</p>
<p>
Own Id: OTP-9364</p>
</item>
<item>
<p>
Error handling code now takes care of inet:getopts/2 and
inets:setopts/2 crashes. Thanks to Richard Jones for
reporting this.</p>
<p>
Own Id: OTP-9382</p>
</item>
<item>
<p>
Support explicit use of packet option httph and httph_bin</p>
<p>
Own Id: OTP-9461</p>
</item>
<item>
<p>
Decoding of hello extensions could fail to come to the
correct conclusion due to an error in a binary match
pattern. Thanks to Ben Murphy.</p>
<p>
Own Id: OTP-9589</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 4.1.5</title>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>Calling gen_tcp:connect with option {ip, {127,0,0,1}} results in
an exit with reason badarg. Neither SSL nor INETS This was not
catched, resulting in crashes with incomprehensible reasons.</p>
<p>Own Id: OTP-9289 Aux Id: seq11845</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 4.1.3</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Fixed error in cache-handling fix from ssl-4.1.2</p>
<p>
Own Id: OTP-9018 Aux Id: seq11739 </p>
</item>
<item>
<p>Verification of a critical extended_key_usage-extension
corrected</p>
<p>Own Id: OTP-9029 Aux Id: seq11541 </p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 4.1.2</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
The ssl application caches certificate files, it will now
invalidate cache entries if the diskfile is changed.</p>
<p>
Own Id: OTP-8965 Aux Id: seq11739 </p>
</item>
<item>
<p>
Now runs the terminate function before returning from the
call made by ssl:close/1, as before the caller of
ssl:close/1 could get problems with the reuseaddr option.</p>
<p>
Own Id: OTP-8992</p>
</item>
</list>
</section>
</section>
<section><title>SSL 4.1.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Correct handling of client certificate verify message
When checking the client certificate verify message the
server used the wrong algorithm identifier to determine
the signing algorithm, causing a function clause error in
the public_key application when the key-exchange
algorithm and the public key algorithm of the client
certificate happen to differ.</p>
<p>
Own Id: OTP-8897</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
For testing purposes ssl now also support some anonymous
cipher suites when explicitly configured to do so.</p>
<p>
Own Id: OTP-8870</p>
</item>
<item>
<p>
Sends an error alert instead of crashing if a crypto
function for the selected cipher suite fails.</p>
<p>
Own Id: OTP-8930 Aux Id: seq11720 </p>
</item>
</list>
</section>
</section>
<section><title>SSL 4.1</title>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Updated ssl to ignore CA certs that violate the asn1-spec
for a certificate, and updated public key asn1 spec to
handle inherited DSS-params.</p>
<p>
Own Id: OTP-7884</p>
</item>
<item>
<p>
Changed ssl implementation to retain backwards
compatibility for old option {verify, 0} that shall be
equivalent to {verify, verify_none}, also separate the
cases unknown ca and selfsigned peer cert, and restored
return value of deprecated function
public_key:pem_to_der/1.</p>
<p>
Own Id: OTP-8858</p>
</item>
<item>
<p>
Changed the verify fun so that it differentiate between
the peer certificate and CA certificates by using
valid_peer or valid as the second argument to the verify
fun. It may not always be trivial or even possible to
know when the peer certificate is reached otherwise.</p>
<p>
*** POTENTIAL INCOMPATIBILITY ***</p>
<p>
Own Id: OTP-8873</p>
</item>
</list>
</section>
</section>
<section><title>SSL 4.0.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
The server now verifies the client certificate verify
message correctly, instead of causing a case-clause.</p>
<p>
Own Id: OTP-8721</p>
</item>
<item>
<p>
The client hello message now always include ALL available
cipher suites (or those specified by the ciphers option).
Previous implementation would filter them based on the
client certificate key usage extension (such filtering
only makes sense for the server certificate).</p>
<p>
Own Id: OTP-8772</p>
</item>
<item>
<p>
Fixed handling of the option {mode, list} that was broken
for some packet types for instance line.</p>
<p>
Own Id: OTP-8785</p>
</item>
<item>
<p>
Empty packets were not delivered to the client.</p>
<p>
Own Id: OTP-8790</p>
</item>
<item>
<p> Building in a source tree without prebuilt platform
independent build results failed on the SSL examples
when: </p> <list><item> cross building. This has been
solved by not building the SSL examples during a cross
build. </item><item> building on Windows. </item></list>
<p>
Own Id: OTP-8791</p>
</item>
<item>
<p>
Fixed a handshake error which occurred on some ssl
implementations.</p>
<p>
Own Id: OTP-8793</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Revise the public_key API - Cleaned up and documented the
public_key API to make it useful for general use, also
changed ssl to use the new API.</p>
<p>
Own Id: OTP-8722</p>
</item>
<item>
<p>
Added support for inputing certificates and keys directly
in DER format these options will override the pem-file
options if specified.</p>
<p>
Own Id: OTP-8723</p>
</item>
<item>
<p>
To gain interoperability ssl will not check for padding
errors when using TLS 1.0. It is first in TLS 1.1 that
checking the padding is an requirement.</p>
<p>
Own Id: OTP-8740</p>
</item>
<item>
<p>
Changed the semantics of the verify_fun option in the
ssl-application so that it takes care of both application
handling of path validation errors and verification of
application specific extensions. This means that it is
now possible for the server application in verify_peer
mode to handle path validation errors. This change moved
some functionality earlier in ssl to the public_key
application.</p>
<p>
Own Id: OTP-8770</p>
</item>
<item>
<p>
Added the functionality so that the verification fun will
be called when a certificate is considered valid by the
path validation to allow access to each certificate in
the path to the user application. Also try to verify
subject-AltName, if unable to verify it let the
application verify it.</p>
<p>
Own Id: OTP-8825</p>
</item>
</list>
</section>
</section>
<section><title>SSL 4.0</title>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
New ssl now support client/server-certificates signed by
dsa keys.</p>
<p>
Own Id: OTP-8587</p>
</item>
<item>
<p>
Ssl has now switched default implementation and removed
deprecated certificate handling. All certificate handling
is done by the public_key application.</p>
<p>
Own Id: OTP-8695</p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.11.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Fixed handling of several ssl/tls packets arriving at the
same time. This was broken during a refactoring of the
code.</p>
<p>
Own Id: OTP-8679</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Added missing checks for padding and Mac value. Removed
code for export ciphers and DH certificates as we decided
not to support them.</p>
<p>
Own Id: OTP-7047</p>
</item>
<item>
<p>
New ssl will no longer return esslerrssl to be backwards
compatible with old ssl as this hids infomation from the
user. format_error/1 has been updated to support new ssl.</p>
<p>
*** POTENTIAL INCOMPATIBILITY ***</p>
<p>
Own Id: OTP-7049</p>
</item>
<item>
<p>
New ssl now supports secure renegotiation as described by
RFC 5746.</p>
<p>
Own Id: OTP-8568</p>
</item>
<item>
<p>
Alert handling has been improved to better handle
unexpected but valid messages and the implementation is
also changed to avoid timing related issues that could
cause different error messages depending on network
latency. Packet handling was sort of broken but would
mostly work as expected when socket was in binary mode.
This has now been fixed.</p>
<p>
Own Id: OTP-8588</p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.11</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Fixes handling of the option fail_if_no_peer_cert and
some undocumented options. Thanks to Rory Byrne.</p>
<p>
Own Id: OTP-8557</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
Support for Diffie-Hellman. ssl-3.11 requires
public_key-0.6.</p>
<p>
Own Id: OTP-7046</p>
</item>
<item>
<p>
New ssl now properly handles ssl renegotiation, and
initiates a renegotiation if ssl/ltls-sequence numbers
comes close to the max value. However RFC-5746 is not yet
supported, but will be in an upcoming release.</p>
<p>
Own Id: OTP-8517</p>
</item>
<item>
<p>
When gen_tcp is configured with the {packet,http} option,
it automatically switches to expect HTTP Headers after a
HTTP Request/Response line has been received. This update
fixes ssl to behave in the same way. Thanks to Rory
Byrne.</p>
<p>
Own Id: OTP-8545</p>
</item>
<item>
<p>
Ssl now correctly verifies the extended_key_usage
extension and also allows the user to verify application
specific extensions by supplying an appropriate fun.</p>
<p>
Own Id: OTP-8554 Aux Id: OTP-8553 </p>
</item>
<item>
<p>
Fixed ssl:transport_accept/2 to return properly when
socket is closed. Thanks to Rory Byrne.</p>
<p>
Own Id: OTP-8560</p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10.9</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Fixed a crash in the certificate certification part.</p>
<p>
Own Id: OTP-8510 Aux Id: seq11525 </p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10.8</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p><c>ssl:send/2</c> ignored packet option, fix provided
by YAMASHINA Hio.</p>
<p>Fixed a file cache bug which caused problems when the
same file was used for both cert and cacert.</p>
<p>Allow <c>ssl:listen/2</c> to be called with option
{ssl_imp, old}.</p>
<p> Fixed ssl:setopts(Socket, binary) which didn't work
for 'new' ssl.</p>.
<p>
Own Id: OTP-8441</p>
</item>
<item>
<p>
Do a controlled shutdown if a non ssl packet arrives as
the first packet.</p>
<p>
Own Id: OTP-8459 Aux Id: seq11505 </p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>Fixed session reuse (in new_ssl), thanks Wil Tan.</p>
<p>Send CA list during Certificate Request (in new_ssl) ,
thanks Wil Tan.</p> <p><c>NOTE</c>: SSL (new_ssl)
requires public_key-0.5.</p>
<p>
Own Id: OTP-8372</p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10.7</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
A ticker process could potentially be blocked
indefinitely trying to send a tick to a node not
responding. If this happened, the connection would not be
brought down as it should.</p>
<p> This requires erts-5.7.4 and kernel-2.13.4 or later
to be able to get the erlang distribution over ssl to work.</p>
<p>
Own Id: OTP-8218</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
The documentation is now built with open source tools
(xsltproc and fop) that exists on most platforms. One
visible change is that the frames are removed.</p>
<p>
Own Id: OTP-8250</p>
</item>
<item>
<p>
Code cleanup from Kostis.</p>
<p>
Own Id: OTP-8260</p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10.6</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
The ssl:ssl_accept/3 issue was not properly fixed in the
previous patch, see OTP-8244.</p>
<p>
Own Id: OTP-8275 Aux Id: seq11451 </p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10.5</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Allow clients to not send certificates if option
<c>fail_if_no_peer_cert</c> was not set.</p>
<p>
Own Id: OTP-8224</p>
</item>
<item>
<p>An ssl:ssl_accept/3 could crash a connection if the
timing was wrong.</p> <p>Removed info message if the
socket closed without a proper disconnect from the ssl
layer. </p> <p>ssl:send/2 is now blocking until the
message is sent.</p>
<p>
Own Id: OTP-8244 Aux Id: seq11420 </p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10.4</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
A client could avoid a certificate check if the client
code didn't send the requested certificate.</p>
<p>
Own Id: OTP-8137</p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10.3</title>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>Packet handling was not implemented correctly.</p>
<p>Inet option handling support have been improved.</p>
<p>The <c>verify_fun</c> is now invoked even if
verify_peer is used, that implies that by default
{bad_cert,unknown_ca} is an accepted fault during the
client connection phase. The check can still be done by
suppling another verify_fun.</p>
<p>
Own Id: OTP-8011 Aux Id: seq11287 </p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10.2</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
A "new_ssl" socket was not closed if the controlling
process died without calling ssl:close/1.</p>
<p>
Own Id: OTP-7963 Aux Id: seq11276 </p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Fixed bug that caused the ssl handshake finished message
to be calculated wrongly under the circumstances that the
server did not send the trusted cert and that the
previous cert did not have the extension telling us the
trusted certs name. This manifested it self as
bad_record_mac alert from the server.</p>
<p>
Own Id: OTP-7878</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
The cacertsfile option is now optional for ssl servers.</p>
<p>
Own Id: OTP-7656</p>
</item>
<item>
<p>
For the ssl client the options cacertfile, certfile and
keyfile are now optional as they are not always needed
depending on configuration of the client itself and the
configuration of the server. Also as PEM-files may
contain more than one entry the keyfile option will
default to the same file as given by the certfile option.</p>
<p>
Own Id: OTP-7870</p>
</item>
<item>
<p>
Added new ssl client option verify_fun.</p>
<p>
Own Id: OTP-7871</p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.10</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
Error log entries are now formatted correctly.</p>
<p>
Own Id: OTP-7258</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
All handling of X509-certificates and public keys have
been moved to the new application public_key.</p>
<p>
Own Id: OTP-6894</p>
</item>
<item>
<p>
New ssl now supports SSL-3.0 and TLS-1.0</p>
<p>
Own Id: OTP-7037</p>
</item>
<item>
<p>
New ssl now supports all inet-packet types.</p>
<p>
Own Id: OTP-7039</p>
</item>
<item>
<p>
The new ssl-server is now able to send a certificate
request to the client. However new options may be
introduced later to fully support all features regarding
certificate requests.</p>
<p>
Own Id: OTP-7150</p>
</item>
</list>
</section>
<section><title>Known Bugs and Problems</title>
<list>
<item>
<p>
Running erlang distribution over ssl don't work as
described in the documentation.</p>
<p>
Own Id: OTP-7536</p>
</item>
</list>
</section>
</section>
<section><title>SSL 3.9</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
<p>
ssl_prim.erl was passing an FD rather than an #sslsocket
to ssl_broker:ssl_accept_prim. This could cause problems
in the deprecated accept function, this will not cause
any more problems however this function is deprecated!</p>
<p>
Own Id: OTP-6926</p>
</item>
<item>
<p>
Erlang distribution over ssl was broken after R11B-0,
this has now been fixed.</p>
<p>
Own Id: OTP-7004</p>
</item>
</list>
</section>
<section><title>Improvements and New Features</title>
<list>
<item>
<p>
All inet options are available in the new ssl
implementation that is released as a alfa in ssl-3.9 and
will replace the old implementation in ssl-4.0. This will
not be fixed in the old implementation.</p>
<p>
Own Id: OTP-4677</p>
</item>
<item>
<p>
The new ssl implementation released as a alfa in this
version supports upgrading of a tcp connection to an ssl
connection so that http client and servers may implement
RFC 2817.</p>
<p>
Own Id: OTP-5510</p>
</item>
<item>
<p>A new implementation of ssl is released as a alfa
version in ssl-3.9 it will later replace the old
implementation in ssl-4.0. The new implementation can be
accessed by providing the option {ssl_imp, new} to the
ssl:connect and ssl:listen functions.</p>
<p>The new implementation is Erlang based and all logic
is in Erlang and only payload encryption calculations are
done in C via the crypto application. The main reason for
making a new implementation is that the old solution was
very crippled as the control of the ssl-socket was deep
down in openssl making it hard if not impossible to
support all inet options, ipv6 and upgrade of a tcp
connection to an ssl connection. The alfa version has a
few limitations that will be removed before the ssl-4.0
release. Main differences and limitations in the alfa are
listed below.</p>
<list type="bulleted"> <item>New ssl requires the crypto
application.</item> <item>The option reuseaddr is
supported and the default value is false as in gen_tcp.
Old ssl is patched to accept that the option is set to
true to provide a smoother migration between the
versions. In old ssl the option is hard coded to
true.</item> <item>ssl:version/0 is replaced by
ssl:versions/0</item> <item>ssl:ciphers/0 is replaced by
ssl:cipher_suites/0</item> <item>ssl:pid/1 is a
meaningless function in new ssl and will be deprecated in
ssl-4.0 until it is removed it will return a valid but
meaningless pid.</item> <item>New API functions are
ssl:shutdown/2, ssl:cipher_suites/[0,1] and
ssl:versions/0</item> <item>Diffie-Hellman keyexchange is
not supported.</item> <item>Not all inet packet types are
supported.</item> <item>CRL and policy certificate
extensions are not supported.</item> <item>In this alfa
only sslv3 is enabled, although tlsv1 and tlsv1.1
versions are implemented and will be supported in future
versions.</item> <item>For security reasons sslv2 is not
supported.</item> </list>
<p>
Own Id: OTP-6619</p>
</item>
<item>
<p>
New ssl implementation, released as alfa in ssl-3.9,
supports ipv6. It will not be supported in the old
implementation.</p>
<p>
Own Id: OTP-6637 Aux Id: OTP-6636 </p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 3.1.1.1</title>
<section>
<title>Minor Makefile changes</title>
<list type="bulleted">
<item>
<p>Removed use of <c>erl_flags</c> from Makefile.</p>
<p>Own Id: OTP-6689</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 3.1.1</title>
<section>
<title>Crash on error in ssl_accept</title>
<list type="bulleted">
<item>
<p>A bug in ssl_accept could cause all ssl
connections to hang when a connection
attempt was closed by the client while
the server was in <c>ssl_accept</c>.</p>
<p>Own Id: OTP-6612 Aux Id: seq10599</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 3.1</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>SSL now uses a two-phase accept, with a separate accept
calls for the socket and the ssl protocol. This avoids
timeouts when a client doesn't initiate ssl handshake.</p>
<p>With the old implementation of accept, the server
was locked by a client, if the client didn't do
proper ssl handshake.</p>
<p>Own Id: OTP-6418 Aux Id: seq10105</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 3.0.12</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>An integer array pointing to a struct pollfd array, is
now reset before file descriptors are collected to be
included in a call to poll(). This is to prevent file
descriptors to be mixed up.</p>
<p>Own Id: OTP-6084</p>
</item>
<item>
<p>The generation of the module ssl_pkix_oid contained
multiple identifiers, which made the mapping between
atoms and identifiers not one-to-one.</p>
<p>Own Id: OTP-6085</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 3.0.11</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>The state of a connection in active mode could be in a
restrictive state, so that an internal tcp_closed message
was incorrectly considered illegal, resulting in a
premature termination of the connection process.</p>
<p>Own Id: OTP-5972 Aux Id: seq10188 </p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 3.0.10</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>Erlang distribution over SSL was broken. Corrected.
(Thanks to Fredrik Thulin.)</p>
<p>Own Id: OTP-5863</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 3.0.9</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>The port program for the ssl application could waste huge
amounts of CPU time if a write could not be completed
directly and was put in the write queue. (Only on platforms
where poll() is used, such as Solaris and Linux.)</p>
<p>Own Id: OTP-5784</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 3.0.8</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>A process reading only a portion of a sufficiently large
amount of data from an accepted socket, and then quering
the ssl library (e.g. ssl:getpeername()), would cause a
global deadlock in the esock port program.</p>
<p>Own Id: OTP-5702</p>
</item>
<item>
<p>A spelling error in the module <c>ssl_pkix</c> caused the
call to <c>ssl:peercert/2</c> to fail when the option
<c>subject</c> was used.</p>
<p>Own Id: OTP-5708</p>
</item>
<item>
<p>Because fopen() on Solaris 8 can't handle file
descriptor numbers above 255, reading of certificate
files would fail if all file descriptors below 256 were
in use (typically, if many connections were open). This
problem has been worked around.</p>
<p>The ssl application's port program used to use
select(), which meant that it could not handle more than
FD_SETSIZE file descriptors (usually 1024). To eliminate
that limitation, poll() is now used on all platforms that
support it.</p>
<p>Solaris/Sparc, 64-bit emulator: The SO_REUSEADDR
option was not set for listen sockets, which essentially
made the ssl application unusable. Corrected.</p>
<p>The default listen queue size for ssl port program was
changed to 128 (from 5).</p>
<p>Own Id: OTP-5755 Aux Id: seq10068 </p>
</item>
</list>
</section>
</section>
<section>
<title>Ssl 3.0.7</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>The R/W buffer length i esock.c was too small. It has
been increased from 4k to 32k.</p>
<p>Own Id: OTP-5620</p>
</item>
</list>
</section>
</section>
<section>
<title>Ssl 3.0.6</title>
<section>
<title>Improvements and New Features</title>
<list type="bulleted">
<item>
<p>A configuration option for choosing protocol versions has
been added (<c>sslv2</c>, <c>sslv3</c>, and
<c>tlsv1</c>).</p>
<p>Own Id: OTP-5429 Aux Id: seq9755 </p>
</item>
</list>
</section>
</section>
<section>
<title>Ssl 3.0.5</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>Linked in drivers in the crypto, and asn1 applications
are now compiled with the -D_THREAD_SAFE and -D_REENTRANT
switches on unix when the emulator has thread support
enabled.</p>
<p>Linked in drivers on MacOSX are not compiled with the
undocumented -lbundle1.o switch anymore. Thanks to Sean
Hinde who sent us a patch.</p>
<p>Linked in driver in crypto, and port programs in ssl, now
compiles on OSF1.</p>
<p>Minor makefile improvements in runtime_tools.</p>
<p>Own Id: OTP-5346</p>
</item>
</list>
</section>
</section>
<section>
<title>Ssl 3.0.4</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p><c>ssl:recv/3</c> with finite timeout value, closed the
connection at timeout.</p>
<p>Own Id: OTP-4882</p>
</item>
</list>
</section>
</section>
<section>
<title>Ssl 3.0.3</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>When a file descriptor was marked for closing, and
end-of-file condition had already been detected, the file
descriptor was never closed.</p>
<p>Own Id: OTP-5093 Aux Id: seq8806 </p>
</item>
<item>
<p>When the number of open file descriptors reached
FD_SETSIZE, the SSL port program entered a busy loop.</p>
<p>Own Id: OTP-5094 Aux Id: seq8806 </p>
</item>
</list>
</section>
<section>
<title>Improvements and New Features</title>
<list type="bulleted">
<item>
<p>The SSL application now supports SSL sessions for
servers, which typically speeds up HTTP requests from
browsers.</p>
<p>Own Id: OTP-5095</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 3.0.2</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>The UTF8String type is now defined in asn1-1.4.4.2 and
later. Therefore the definitions of UTF8String has been
removed from the ASN.1 modules PKIX1Explicit88.asn1 and
PKIXAttributeCertificate.asn1. The SSL application can now
only be built using asn-1.4.4.2 or later.</p>
<p>OwnId: OTP-4971.</p>
</item>
</list>
</section>
<section>
<title>Known Bugs and Problems</title>
<p>See SSL-3.0.
</p>
</section>
</section>
<section>
<title>SSL 3.0.1</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>An unexpected object identifier would crash <c>ssl:peercert</c>. </p>
<p>OwnId: OTP-4771.</p>
</item>
</list>
</section>
<section>
<title>Known Bugs and Problems</title>
<p>See SSL-3.0.
</p>
</section>
</section>
<section>
<title>SSL 3.0</title>
<section>
<title>Improvements and New Features</title>
<list type="bulleted">
<item>
<p>The <c>cache_timout</c> option was silently ignored. It had
to do with SSL sessions, where multiple connections can occur.
Since the Erlang SSL application does not support sessions the
option is still ignored, and consequently the documentation
about it has been removed.</p>
<p>OwnId: OTP-3146</p>
</item>
<item>
<p>The Erlang SSL application is now based on OpenSSL version
0.9.7a. OpenSSL 0.9.6 should also work.</p>
<p>OwnId: OTP-4002</p>
</item>
<item>
<p>When connecting it is now possible to bind to a local address
and local port. </p>
<p>OwnId: OTP-4675</p>
</item>
<item>
<p>The <c>ssl_esock</c> port program is now part of the
distribution and thus does not have to be created
explicitly. It is dynamically linked to OpenSSL
libraries in a "standard" location (typically
<c>/usr/local/lib</c> on UNIX; in the path on Win32).</p>
<p>OwnId:
OTP-4676</p>
</item>
<item>
<p>The new functions <c>ssl:peercert/1/2</c> provide information
from the certificate of a peer of a connection.</p>
<p>OwnId: OTP-4680
<br></br>
Aux Id: seq7688</p>
</item>
<item>
<p>The function <c>ssl:port/1</c> has been removed from the
documentation, but not from the <c>ssl</c> interface module.
The recommendation is to use <c>ssl:peername/1</c>
instead, which provides both address and port of the peer.</p>
<p>OwnId: OTP-4681 </p>
</item>
<item>
<p>New User's Guide documentation has been added.</p>
<p>OwnId: OTP-4682 </p>
</item>
<item>
<p>The old <c>ssl_socket</c> interface has been removed and also
the documentation of it. </p>
<p>OwnId: OTP-4683 </p>
</item>
<item>
<p>The use of ephemeral RSA keys is now supported. It is
a global configuration option (see the ssl(6) manual page).</p>
<p>OwnId: OTP-4691.</p>
</item>
</list>
</section>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>The option <c>cacertfile</c> is now in effect, and can
therefore no longer be set with the OS environment
variable SSL_CERT_FILE (which did set the same value for
all connections). </p>
<p>OwnId: OTP-3146</p>
</item>
<item>
<p>There was a synchronization error at closing of an SSL
connection. </p>
<p>OwnId: OTP-4435
<br></br>
Aux Id: seq7534</p>
</item>
<item>
<p>C macros in <c>debuglog.c</c> were not ANSI C compliant.</p>
<p>OwnId: OTP-4674</p>
</item>
<item>
<p>The <c>binary</c> option was not properly handled.</p>
<p>OwnId: OTP-4678</p>
</item>
<item>
<p>The <c>ssl:format_error/1</c> did not consider <c>inet</c>
error codes, nor did it have a catch all for unknown error
codes.</p>
<p>OwnId: OTP-4679</p>
</item>
</list>
</section>
<section>
<title>Known Bugs and Problems</title>
<list type="bulleted">
<item>
<p>Change of controlling process in not OTP compliant. </p>
<p>OwnId; OTP-4712</p>
</item>
<item>
<p>There is still no way to restrict the cipher sizes. </p>
<p>OwnId: OTP-4712</p>
</item>
<item>
<p>The <c>keep_alive</c> and <c>reuse_addr</c> options will be
added in a future release. </p>
<p>OwnId: OTP-4677</p>
</item>
<item>
<p>There is currently no way to restrict the SSL/TLS
protocol versions to use. In a future release this will be
supported as a configuration option, and as an option for
each connection as well. </p>
<p>OwnId: OTP-4711.</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 2.3.6</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>There was a synchronization error at closing, which could
result in that an SSL socket was removed prematurely, resulting
in that a user process referring to it received an unexpected
exit.</p>
<p>OwnId: OTP-4435
<br></br>
Aux Id: seq7600</p>
</item>
</list>
</section>
<section>
<title>Known Bugs and Problems</title>
<p>See SSL 2.2 . </p>
</section>
</section>
<section>
<title>SSL 2.3.5</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>Setting of the option `nodelay' caused the SSL port program
to dump core.</p>
<p>OwnId: OTP-4380
<br></br>
Aux Id: -</p>
</item>
<item>
<p>Setting of the option '{active, once}' in <c>setopts</c> was
wrong, causing a correct socket message to be regarded as
erroneous. </p>
<p>OwnId: OTP-4380
<br></br>
Aux Id: -</p>
</item>
<item>
<p>A self-signed peer certificate was always rejected with the
error `eselfsignedcert', irrespective of the `depth' value. </p>
<p>OwnId: OTP-4374
<br></br>
Aux Id: seq7417</p>
</item>
</list>
</section>
<section>
<title>Known Bugs and Problems</title>
<p>See SSL 2.2 . </p>
</section>
</section>
<section>
<title>SSL 2.3.4</title>
<section>
<title>Improvements and New Features</title>
<list type="bulleted">
<item>
<p>All TCP options allowed in gen_tcp, are now also allowed in
SSL, except the option <c>{reuseaddr, Boolean}</c>. A new
function <c>getopts</c> has been added to the SSL interface
module <c>ssl</c>. </p>
<p>OwnId: OTP-4305, OTP-4159</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 2.3.3</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>The roles of the SSLeay and OpenSSL packages has been
clarified in the ssl(6) application manual page. Also
the URLs from which to download SSLeay has been updated.</p>
<p>OwnId: OTP-4002
<br></br>
Aux Id: seq5269</p>
</item>
<item>
<p>A call to <c>ssl:listen(Port, Options)</c> with
<c>Options = []</c> resulted in the cryptic <c>{error, ebadf}</c> return value. The return value has been changed
to <c>{error, enooptions}</c>, and the behaviour has been
documented in the <c>listen/2</c> function.</p>
<p>OwnId: OTP-4016
<br></br>
Aux Id: seq7006</p>
</item>
<item>
<p>Use of the option <c>{nodelay, boolean()}</c> crashed
the <c>ssl_server</c>.</p>
<p>OwnId: OTP-4070
<br></br>
Aux Id:</p>
</item>
<item>
<p>A bug caused the Erlang distribution over ssl to fail.
This bug has now been fixed.</p>
<p>OwnId: OTP-4072
<br></br>
Aux Id:</p>
</item>
<item>
<p>On Windows when the SSL port program encountered an
error code not anticipated it crashed. </p>
<p>OwnId: OTP-4132
<br></br>
Aux Id:</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 2.3.2</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>The <c>ssl:accept/1-2</c> function sometimes returned
<c>{error, {What, Where}}</c> instead of <c>{error, What}</c>, where <c>What</c> is an atom. </p>
<p>OwnId: OTP-3775
<br></br>
Aux Id: seq4991</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 2.3.1</title>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>Sometimes the SSL portprogram would loop in an accept
loop, without terminating even when the SSL application
was stopped.. </p>
<p>OwnId: OTP-3691</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 2.3</title>
<p>Functions have been added to SSL to experimentally support
Erlang distribution.
</p>
</section>
<section>
<title>SSL 2.2.1</title>
<p>The 2.2.1 version of SSL provides code replacement in runtime
by upgrading from, or downgrading to, versions 2.1 and 2.2.
</p>
</section>
<section>
<title>SSL 2.2</title>
<section>
<title>Improvements and New Features</title>
<list type="bulleted">
<item>
<p>The restriction that only the creator of an SSL socket can
read from and write to the socket has been lifted.</p>
<p>OwnId: OTP-3301</p>
</item>
<item>
<p>The option <c>{packet, cdr}</c> for SSL sockets has been added,
which means that SSL sockets also supports CDR encoded packets.</p>
<p>OwnId: OTP-3302</p>
</item>
</list>
</section>
<section>
<title>Known Bugs and Problems</title>
<list type="bulleted">
<item>
<p>Setting of a CA certificate file with the <c>cacertfile</c>
option (in calls to <c>ssl:accept/1/2</c> or
<c>ssl:connect/3/4</c>) does not work due to weaknesses
in the SSLeay package. </p>
<p>A work-around is to set the OS environment variable
<c>SSL_CERT_FILE</c> before SSL is started. However, then
the CA certificate file will be global for all connections.</p>
<p>OwnId: OTP-3146</p>
</item>
<item>
<p>When changing controlling process of an SSL socket, a
temporary process is started, which is not gen_server
compliant.</p>
<p>OwnId: OTP-3146</p>
</item>
<item>
<p>Although there is a <c>cache</c> timeout option, it is
silently ignored.</p>
<p>OwnId: OTP-3146</p>
</item>
<item>
<p>There is currently no way to restrict the cipher sizes.</p>
<p>OwnId: OTP-3146</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 2.1</title>
<section>
<title>Improvements and New Features</title>
<list type="bulleted">
<item>
<p>The set of possible error reasons has been extended to
contain diagnostics on erroneous certificates and failures
to verify certificates.</p>
<p>OwnId: OTP-3145</p>
</item>
<item>
<p>The maximum number of simultaneous SSL connections on
Windows has been increased from 31 to 127.</p>
<p>OwnId: OTP-3145</p>
</item>
</list>
</section>
<section>
<title>Fixed Bugs and Malfunctions</title>
<list type="bulleted">
<item>
<p>A dead-lock occurring when write queues are not empty has
been removed. </p>
<p>OwnId: OTP-3145</p>
</item>
<item>
<p>Error reasons have been unified and changed.</p>
<p>(** POTENTIAL INCOMPATIBILITY **)</p>
<p>OwnId: OTP-3145</p>
</item>
<item>
<p>On Windows a check of the existence of the environment
variable <c>ERLSRV_SERVICE_NAME</c> has been added. If
that variable is defined, the port program of the SSL
application will not terminated when a user logs off.</p>
<p>OwnId: OTP-3145</p>
</item>
<item>
<p>An error in the setting of the <c>nodelay</c> option
has been corrected.</p>
<p>OwnId: OTP-3145</p>
</item>
<item>
<p>The confounded notions of verify mode and verify depth has
been corrected. The option <c>verifydepth</c> has been
removed, and the two separate options <c>verify</c> and
<c>depth</c> has been added.</p>
<p>(** POTENTIAL INCOMPATIBILITY **)</p>
<p>OwnId: OTP-3145</p>
</item>
</list>
</section>
<section>
<title>Known Bugs and Problems</title>
<list type="bulleted">
<item>
<p>Setting of a CA certificate file with the <c>cacertfile</c>
option (in calls to <c>ssl:accept/1/2</c> or
<c>ssl:connect/3/4</c>) does not work due to weaknesses
in the SSLeay package. </p>
<p>A work-around is to set the OS environment variable
<c>SSL_CERT_FILE</c> before SSL is started. However, then
the CA certificate file will be global for all connections.</p>
<p>OwnId: OTP-3146</p>
</item>
<item>
<p>When changing controlling process of an SSL socket, a
temporary process is started, which is not gen_server
compliant.</p>
<p>OwnId: OTP-3146</p>
</item>
<item>
<p>Although there is a <c>cache</c> timeout option, it is
silently ignored.</p>
<p>OwnId: OTP-3146</p>
</item>
<item>
<p>There is currently no way to restrict the cipher sizes.</p>
<p>OwnId: OTP-3146</p>
</item>
</list>
</section>
</section>
<section>
<title>SSL 2.0</title>
<p>A complete new version of SSL with separate I/O channels
for all connections with non-blocking I/O multiplexing.</p>
</section>
</chapter>
