aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src/ssl_app.xml
diff options
context:
space:
mode:
authorLars Thorsen <[email protected]>2015-12-11 10:08:14 +0100
committerLars Thorsen <[email protected]>2015-12-11 10:08:14 +0100
commit373389620fe3dee6f1032f20f7d4acac90e45831 (patch)
tree7365c562b80686abc1ea289caec6934b018e4e04 /lib/ssl/doc/src/ssl_app.xml
parent6288a8610ae9fb0f1aa9ebfe0fe1b46ff87c3668 (diff)
parentfae6b9385f3d0d1c725ca6cdb588b8bf1e473721 (diff)
downloadotp-373389620fe3dee6f1032f20f7d4acac90e45831.tar.gz
otp-373389620fe3dee6f1032f20f7d4acac90e45831.tar.bz2
otp-373389620fe3dee6f1032f20f7d4acac90e45831.zip
Merge branch 'maint'
Diffstat (limited to 'lib/ssl/doc/src/ssl_app.xml')
-rw-r--r--lib/ssl/doc/src/ssl_app.xml34
1 files changed, 30 insertions, 4 deletions
diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml
index 24b0f5300e..6c82e32a74 100644
--- a/lib/ssl/doc/src/ssl_app.xml
+++ b/lib/ssl/doc/src/ssl_app.xml
@@ -33,7 +33,33 @@
<appsummary>The ssl application provides secure communication over
sockets.</appsummary>
- <description></description>
+ <description>
+ <p>
+ The ssl application is an implementation of the SSL/TLS protocol in Erlang.
+ </p>
+ <list type="bulleted">
+ <item>Supported SSL/TLS-versions are SSL-3.0, TLS-1.0,
+ TLS-1.1, and TLS-1.2.</item>
+ <item>For security reasons SSL-2.0 is not supported.</item>
+ <item>For security reasons SSL-3.0 is no longer supported by default,
+ but can be configured.</item>
+ <item>Ephemeral Diffie-Hellman cipher suites are supported,
+ but not Diffie Hellman Certificates cipher suites.</item>
+ <item>Elliptic Curve cipher suites are supported if the Crypto
+ application supports it and named curves are used.
+ </item>
+ <item>Export cipher suites are not supported as the
+ U.S. lifted its export restrictions in early 2000.</item>
+ <item>IDEA cipher suites are not supported as they have
+ become deprecated by the latest TLS specification so it is not
+ motivated to implement them.</item>
+ <item>CRL validation is supported.</item>
+ <item>Policy certificate extensions are not supported.</item>
+ <item>'Server Name Indication' extension client side
+ (RFC 6066, Section 3) is supported.</item>
+ </list>
+ </description>
+
<section>
<title>DEPENDENCIES</title>
<p>The SSL application uses the <c>public_key</c> and
@@ -58,7 +84,7 @@
<p><c>erl -ssl protocol_version "['tlsv1.2', 'tlsv1.1']"</c></p>
<taglist>
- <tag><c> protocol_version = <seealso marker="ssl#type-protocol">ssl:protocol()</seealso> <![CDATA[<optional>]]></c></tag>
+ <tag><c>protocol_version = </c><seealso marker="ssl#type-protocol">ssl:protocol()</seealso><c><![CDATA[<optional>]]></c></tag>
<item><p>Protocol supported by started clients and
servers. If this option is not set, it defaults to all
protocols currently supported by the SSL application.
@@ -78,8 +104,8 @@
<item><p>List of extra user-defined arguments to the <c>init</c> function
in the session cache callback module. Defaults to <c>[]</c>.</p></item>
- <tag><c><![CDATA[session_cache_client_max = integer() <optional>]]></c></tag>
- <tag><c><![CDATA[session_cache_server_max = integer() <optional>]]></c></tag>
+ <tag><c><![CDATA[session_cache_client_max = integer() <optional>]]></c><br/>
+ <c><![CDATA[session_cache_server_max = integer() <optional>]]></c></tag>
<item><p>Limits the growth of the clients/servers session cache,
if the maximum number of sessions is reached, the current cache entries will
be invalidated regardless of their remaining lifetime. Defaults to 1000.