authorIngela Anderton Andin <[email protected]>2012-12-19 16:16:46 +0100
committerIngela Anderton Andin <[email protected]>2012-12-20 10:35:46 +0100
commit72f5a4a6174338c011e5c3b73b0ad11ca296b5af (patch)
treef691d4b9afd939caed2384e1eae4812479cd7dac
parent3bd2ba0060f9bcb0d3bddd74a4a5763e520a533f (diff)
ssl: Make TLS-1.2 default version
-rw-r--r--lib/ssl/doc/src/ssl.xml4
-rw-r--r--lib/ssl/doc/src/ssl_app.xml14
-rw-r--r--lib/ssl/doc/src/ssl_protocol.xml7
-rw-r--r--lib/ssl/src/ssl_internal.hrl2
-rw-r--r--lib/ssl/src/ssl_record.erl5
5 files changed, 20 insertions, 12 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index f0eac76264..e45a4c774f 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -36,8 +36,8 @@
<list type="bulleted">
<item>ssl requires the crypto and public_key applications.</item>
- <item>Supported SSL/TLS-versions are SSL-3.0 and TLS-1.0, experimental
- support for TLS-1.1 and TLS-1.2 is also available (no support for elliptic curve cipher suites yet).</item>
+ <item>Supported SSL/TLS-versions are SSL-3.0, TLS-1.0,
+ TLS-1.1 and TLS-1.2 (no support for elliptic curve cipher suites yet).</item>
<item>For security reasons sslv2 is not supported.</item>
<item>Ephemeral Diffie-Hellman cipher suites are supported
but not Diffie Hellman Certificates cipher suites.</item>
diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml
index 2ba6f48611..178bbcaebb 100644
--- a/lib/ssl/doc/src/ssl_app.xml
+++ b/lib/ssl/doc/src/ssl_app.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
<!DOCTYPE appref SYSTEM "appref.dtd">
<appref>
@@ -29,7 +29,17 @@
sockets.</appsummary>
<section>
- <title>Environment</title>
+ <title>DEPENDENCIES</title>
+ <p>The ssl application uses the Erlang applications public_key and
+ crypto to handle public keys and encryption, hence these
+ applications needs to be loaded for the ssl application to work. In
+ an embedded environment that means they need to be started with
+ application:start/[1,2] before the ssl application is started.
+ </p>
+ </section>
+
+ <section>
+ <title>ENVIRONMENT</title>
<p>The following application environment configuration parameters
are defined for the SSL application. Refer to application(3) for
more information about configuration parameters.
diff --git a/lib/ssl/doc/src/ssl_protocol.xml b/lib/ssl/doc/src/ssl_protocol.xml
index 17268a634d..f540dc999b 100644
--- a/lib/ssl/doc/src/ssl_protocol.xml
+++ b/lib/ssl/doc/src/ssl_protocol.xml
@@ -4,7 +4,7 @@
<chapter>
<header>
<copyright>
- <year>2003</year><year>2011</year>
+ <year>2003</year><year>2012</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
@@ -25,9 +25,8 @@
<file>ssl_protocol.xml</file>
</header>
- <p>The erlang SSL application currently supports SSL 3.0 and TLS 1.0
- RFC 2246, and will in the future also support later versions of TLS.
- SSL 2.0 is not supported.
+ <p>The erlang SSL application currently implements the protocol SSL/TLS
+ for currently supported versions see <seealso marker="ssl">ssl(3)</seealso>
</p>
<p>By default erlang SSL is run over the TCP/IP protocol even
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index a5db2dcee7..ed0dc34adf 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -69,8 +69,8 @@
-define(TRUE, 0).
-define(FALSE, 1).
--define(DEFAULT_SUPPORTED_VERSIONS, [tlsv1, sslv3]). %% Add 'tlsv1.1' in R16
-define(ALL_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]).
+-define(MIN_SUPPORTED_VERSIONS, ['tlsv1.1', tlsv1, sslv3]).
-record(ssl_options, {
versions, % 'tlsv1.2' | 'tlsv1.1' | tlsv1 | sslv3
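Review bot: `MIN_SUPPORTED_VERSIONS` reads like a lower bound on the protocol version, but judging by its use in ssl_record.erl it is the default list used when the crypto application cannot support TLS 1.2. A comment on the define would make that clear, for example `%% Default versions when crypto lacks TLS-1.2 support`. Both lists still end in `sslv3`, so an endpoint running with defaults can still negotiate SSL 3.0 when the peer offers nothing higher; if that is intentional for interoperability it deserves a comment, since the commit is otherwise raising the default. Removing `DEFAULT_SUPPORTED_VERSIONS` breaks any other user of the macro. None is visible in this diff, so check the rest of lib/ssl for remaining references.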
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index 8e93ce4634..173b9611c6 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -463,10 +463,9 @@ supported_protocol_versions() ->
supported_protocol_versions([]) ->
Vsns = case sufficient_tlsv1_2_crypto_support() of
true ->
- %%?ALL_SUPPORTED_VERSIONS; %% Add TlS-1.2 as default in R16
- ?DEFAULT_SUPPORTED_VERSIONS;
+ ?ALL_SUPPORTED_VERSIONS;
false ->
- ?DEFAULT_SUPPORTED_VERSIONS
+ ?MIN_SUPPORTED_VERSIONS
end,
application:set_env(ssl, protocol_version, Vsns),
Vsns;
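Review bot: When `sufficient_tlsv1_2_crypto_support()` returns false, the `false ->` branch falls back to `?MIN_SUPPORTED_VERSIONS` without any trace, so a node with an older crypto library runs without TLS 1.2 and nothing tells the operator. A log report in that branch would make the reduced default visible, or at minimum a comment such as `%% crypto lacks the primitives TLS-1.2 needs: leave it out of the defaults`. The chosen list is also written with `application:set_env(ssl, protocol_version, Vsns)`, so presumably the decision is made once and reused afterwards; a one-line comment saying so would help. The function has further clauses outside this hunk.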