diff options
author | Ingela Anderton Andin <[email protected]> | 2015-03-05 09:15:24 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2015-03-05 09:15:24 +0100 |
commit | 549785976441514377e1da14c5c1e7fb289456e0 (patch) | |
tree | 70e09cf100cd86020a77f32b4d5d99fe680927a6 /lib/ssl/doc/src/ssl.xml | |
parent | 71b52f31772210a7160317966ca46e36140b935a (diff) | |
parent | ed540bd0e457fd43a5b3eaf41f9886cb63a2755a (diff) | |
download | otp-549785976441514377e1da14c5c1e7fb289456e0.tar.gz otp-549785976441514377e1da14c5c1e7fb289456e0.tar.bz2 otp-549785976441514377e1da14c5c1e7fb289456e0.zip |
Merge branch 'ia/ssl/TLS_FALLBACK_SCSV/OTP-12458' into maint
* ia/ssl/TLS_FALLBACK_SCSV/OTP-12458:
ssl: Implement support for TLS_FALLBACK_SCSV
Diffstat (limited to 'lib/ssl/doc/src/ssl.xml')
-rw-r--r-- | lib/ssl/doc/src/ssl.xml | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 249fee5760..0c042f8571 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -425,6 +425,23 @@ fun(srp, Username :: string(), UserState :: term()) -> Indication extension will be sent if possible, this option may also be used to disable that behavior.</p> </item> + <tag>{fallback, boolean()}</tag> + <item> + <p> Send special cipher suite TLS_FALLBACK_SCSV to avoid undesired TLS version downgrade. + Defaults to false</p> + <warning><p>Note this option is not needed in normal TLS usage and should not be used + to implement new clients. But legacy clients that that retries connections in the following manner</p> + + <p><c> ssl:connect(Host, Port, [...{versions, ['tlsv2', 'tlsv1.1', 'tlsv1', 'sslv3']}])</c></p> + <p><c> ssl:connect(Host, Port, [...{versions, [tlsv1.1', 'tlsv1', 'sslv3']}, {fallback, true}])</c></p> + <p><c> ssl:connect(Host, Port, [...{versions, ['tlsv1', 'sslv3']}, {fallback, true}]) </c></p> + <p><c> ssl:connect(Host, Port, [...{versions, ['sslv3']}, {fallback, true}]) </c></p> + + <p>may use it to avoid undesired TLS version downgrade. Note that TLS_FALLBACK_SCSV must also + be supported by the server for the prevention to work. + </p></warning> + </item> + </taglist> </section> |