Merge branch 'hans/ssh/doc_fixes'

2 files changed, 81 insertions, 7 deletions

diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 5c9ce3d5fb..ea7e975ef5 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -320,6 +320,29 @@
 	    attempted.</p>
           </item>
 
+	  <!--tag><c><![CDATA[{send_ext_info, boolean()}]]></c></tag>
+          <item>
+	    <p>Send a list of extensions to the server if the server has asked for it.  See 
+	    <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info">Draft-ietf-curdle-ssh-ext-info (work in progress)</url> for details.
+	    </p>
+	    <p>Currently the client do not react on any extensions.
+	    </p>
+	    <p>Default value is <c>true</c>.
+	    </p>
+          </item-->
+
+	  <tag><c><![CDATA[{recv_ext_info, boolean()}]]></c></tag>
+          <item>
+	    <p>Tell the server that the client accepts extension negotiation.  See 
+	    <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info">Draft-ietf-curdle-ssh-ext-info (work in progress)</url> for details.
+	    </p>
+	    <p>Currently implemented extension is <c>server-sig-algs</c> which is the list of the server's preferred
+	    user's public key algorithms.
+	    </p>
+	    <p>Default value is <c>true</c>.
+	    </p>
+          </item>
+
 	  <tag><c><![CDATA[{key_cb, key_cb()}]]></c></tag>
 	  <item>
 	    <p>Module implementing the behaviour <seealso
@@ -685,6 +708,27 @@
 	    </p>
 	  </item>
 
+	  <tag><c><![CDATA[{send_ext_info, boolean()}]]></c></tag>
+          <item>
+	    <p>Send a list of extensions to the client if the client has asked for it. See 
+	    <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info">Draft-ietf-curdle-ssh-ext-info (work in progress)</url> for details.
+	    </p>
+	    <p>Currently implemented extension is sending <c>server-sig-algs</c> which is the list of the server's preferred
+	    user's public key algorithms.
+	    </p>
+	    <p>Default value is <c>true</c>.
+	    </p>
+          </item>
+
+	  <!--tag><c><![CDATA[{recv_ext_info, boolean()}]]></c></tag>
+          <item>
+	    <p>Tell the client that the server accepts extension negotiation.  See 
+	    <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info">Draft-ietf-curdle-ssh-ext-info (work in progress)</url> for details.
+	    </p>
+	    <p>Default value is <c>true</c>.
+	    </p>
+          </item-->
+
 	  <tag><c><![CDATA[{key_cb, key_cb()}]]></c></tag>
 	  <item>
 	    <p>Module implementing the behaviour <seealso
diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml
index 74c4111338..33ec7aaee0 100644
--- a/lib/ssh/doc/src/ssh_app.xml
+++ b/lib/ssh/doc/src/ssh_app.xml
@@ -161,6 +161,8 @@
 	  <item>ecdsa-sha2-nistp521</item>
 	  <item>ssh-rsa</item>
 	  <item>ssh-dss</item>
+	  <item>rsa-sha2-256</item>
+	  <item>rsa-sha2-512</item>
 	</list>
       </item>
 
@@ -176,21 +178,23 @@
       <tag>Encryption algorithms (ciphers)</tag>
       <item>
 	<list type="bulleted">
-	  <item>[email protected] (AEAD_AES_128_GCM)</item>
-          <item>[email protected] (AEAD_AES_256_GCM)</item>
+          <item>[email protected]</item>
+          <item>[email protected]</item>
 	  <item>aes128-ctr</item>
 	  <item>aes192-ctr</item>
 	  <item>aes256-ctr</item>
 	  <item>aes128-cbc</item>
 	  <item>3des-cbc</item>
+	  <item>(AEAD_AES_128_GCM, not enabled per default)</item>
+          <item>(AEAD_AES_256_GCM, not enabled per default)</item>
 	</list>
+	<p>See the text at the description of <seealso marker="#rfc5647_note">the rfc 5647 further down</seealso>
+	for more information regarding AEAD_AES_*_GCM.
+	</p>
 	<p>Following the internet de-facto standard, the cipher and mac algorithm AEAD_AES_128_GCM is selected when the 
 	cipher [email protected] is negotiated. The cipher and mac algorithm AEAD_AES_256_GCM is selected when the
 	cipher [email protected] is negotiated.
 	</p>
-	<p>See the text at the description of <seealso marker="#rfc5647_note">the rfc 5647 further down</seealso>
-	for more information.
-	</p>
       </item>
 	
       <tag>Compression algorithms</tag>
@@ -235,7 +239,11 @@
       </item>
 
       <item><url href="https://tools.ietf.org/html/rfc4253">RFC 4253</url>, The Secure Shell (SSH) Transport Layer Protocol.
-       <p></p>
+      <p>Except</p>
+      <list type="bulleted">
+	<item>8.1.  diffie-hellman-group1-sha1. Disabled by default, can be enabled with the <c>preferred_algorithms</c> option.</item>
+      </list>
+      <p/>
       </item>
 
       <item><url href="https://tools.ietf.org/html/rfc4254">RFC 4254</url>, The Secure Shell (SSH) Connection Protocol.
@@ -310,7 +318,29 @@
       </p>
       </item>
 
-      <item>Work in progress: <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2">https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-05</url>, Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)</item>
+      <item><url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2">Draft-ietf-curdle-ssh-kex-sha2 (work in progress)</url>, Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH).
+      <p>Deviations:</p>
+      <list type="bulleted">
+	<item>The <c>diffie-hellman-group1-sha1</c> is not enabled by default, but is still supported and can be enabled
+	with the option <c>preferred-algorithms</c></item>
+	<item>The questionable sha1-based algorithms <c>diffie-hellman-group-exchange-sha1</c> and
+	<c>diffie-hellman-group14-sha1</c> are still enabled by default for compatibility with ancient clients and servers.
+	They can be disabled with the option <c>preferred-algorithms</c></item>
+      </list>
+      <p/>
+      </item>
+
+      <item><url href="https://tools.ietf.org/html/draft-ietf-curdle-rsa-sha2">Draft-ietf-curdle-rsa-sha2 (work in progress)</url>, Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH).
+      </item>
+      
+      <item><url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info">Draft-ietf-curdle-ssh-ext-info (work in progress)</url>, Extension Negotiation in Secure Shell (SSH).
+      <p>Implemented are:</p>
+      <list type="bulleted">
+	<item>The Extension Negotiation Mechanism</item>
+	<item>The extension <c>server-sig-algs</c></item>
+      </list>
+      <p/>
+      </item>
       
     </list>