author | Ingela Anderton Andin <[email protected]> | 2018-01-25 17:33:10 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-01-25 17:33:10 +0100 |
commit | 29d14ac3cd705d71e68ed42d4b2a0898544ec077 (patch) | |
tree | a6030c5388ea800234bfa80fbc7493ec47c90e12 /lib/ssl/doc/src/ssl_app.xml | |
parent | f05074ac001a5f81f98c08d8812850a7d0b9ab18 (diff) | |
parent | 6a38adea390ff4c04103037a5fbd9044c6da12ad (diff) | |
download | otp-29d14ac3cd705d71e68ed42d4b2a0898544ec077.tar.gz otp-29d14ac3cd705d71e68ed42d4b2a0898544ec077.tar.bz2 otp-29d14ac3cd705d71e68ed42d4b2a0898544ec077.zip |
Merge branch 'ingela/DTLS-supported'
* ingela/DTLS-supported:
ssl: Fix typo
dtls: Add DTLS handling to utility functions
ssl: Document enhancement
ssl: Document DTLS
Diffstat (limited to 'lib/ssl/doc/src/ssl_app.xml')
-rw-r--r-- | lib/ssl/doc/src/ssl_app.xml | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml index 3b0f01d1e8..51070bb083 100644 --- a/lib/ssl/doc/src/ssl_app.xml +++ b/lib/ssl/doc/src/ssl_app.xml @@ -35,11 +35,11 @@ <description> <p> - The ssl application is an implementation of the SSL/TLS protocol in Erlang. + The ssl application is an implementation of the SSL/TLS/DTLS protocol in Erlang. </p> <list type="bulleted"> - <item>Supported SSL/TLS-versions are SSL-3.0, TLS-1.0, - TLS-1.1, and TLS-1.2.</item> + <item>Supported SSL/TLS/DTLS-versions are SSL-3.0, TLS-1.0, + TLS-1.1, TLS-1.2, DTLS-1.0 (based on TLS-1.1), DTLS-1.2 (based on TLS-1.2)</item> <item>For security reasons SSL-2.0 is not supported.</item> <item>For security reasons SSL-3.0 is no longer supported by default, but can be configured. (OTP 19) </item> @@ -76,7 +76,7 @@ <section> <title>DEPENDENCIES</title> - <p>The SSL application uses the <c>public_key</c> and + <p>The SSL application uses the <c>public_key</c>, <c>asn1</c> and Crypto application to handle public keys and encryption, hence these applications must be loaded for the SSL application to work. In an embedded environment this means they must be started with 
@@ -98,13 +98,20 @@ <p><c>erl -ssl protocol_version "['tlsv1.2', 'tlsv1.1']"</c></p> <taglist> - <tag><c>protocol_version = </c><seealso marker="ssl#type-protocol">ssl:protocol()</seealso><c><![CDATA[<optional>]]></c></tag> + <tag><c>protocol_version = </c><seealso marker="ssl#type-protocol">ssl:ssl_tls_protocol()</seealso><c><![CDATA[<optional>]]></c></tag> <item><p>Protocol supported by started clients and servers. If this option is not set, it defaults to all - protocols currently supported by the SSL application. + TLS protocols currently supported by the SSL application. This option can be overridden by the version option to <c>ssl:connect/[2,3]</c> and <c>ssl:listen/2</c>.</p></item> + <tag><c>dtls_protocol_version = </c><seealso marker="ssl#type-protocol">ssl:dtls_protocol()</seealso><c><![CDATA[<optional>]]></c></tag> + <item><p>Protocol supported by started clients and + servers. If this option is not set, it defaults to all + DTLS protocols currently supported by the SSL application. + This option can be overridden by the version option + to <c>ssl:connect/[2,3]</c> and <c>ssl:listen/2</c>.</p></item> + <tag><c><![CDATA[session_lifetime = integer() <optional>]]></c></tag> <item><p>Maximum lifetime of the session data in seconds. Defaults to 24 hours which is the maximum recommended lifetime by <url href="http://www.ietf.org/rfc/5246rfc.txt">RFC 5246</url>. However 
@@ -127,14 +134,14 @@ new client connections. If the maximum number of sessions is reached, the current cache entries will be invalidated regardless of their remaining lifetime. Defaults to - 1000.</p></item> + 1000. Recommended ssl-8.2.1 or later for this option to work as intended.</p></item> <tag> <c><![CDATA[session_cache_server_max = integer() <optional>]]></c></tag> <item><p>Limits the growth of the servers session cache, that is how many client sessions are cached by the server. If the maximum number of sessions is reached, the current cache entries will be invalidated regardless of their remaining - lifetime. Defaults to 1000.</p></item> + lifetime. Defaults to 1000. Recommended ssl-8.2.1 or later for this option to work as intended.</p></item> <tag><c><![CDATA[ssl_pem_cache_clean = integer() <optional>]]></c></tag> <item> @@ -149,9 +156,8 @@ <tag><c><![CDATA[bypass_pem_cache = boolean() <optional>]]></c></tag> <item> <p>Introduced in ssl-8.0.2. Disables the PEM-cache. - The PEM cache has proven to be a bottleneck, until the - implementation has been improved this can be used as - a workaround. Defaults to false. + Can be used as a workaround for the PEM-cache bottleneck + before ssl-8.1.1. Defaults to false. </p> </item> @@ -171,7 +177,7 @@ <title>ERROR LOGGER AND EVENT HANDLERS</title> <p>The SSL application uses the default <seealso marker="kernel:error_logger">OTP error logger</seealso> to log - unexpected errors and TLS alerts. The logging of TLS alerts may be + unexpected errors and TLS/DTLS alerts. The logging of TLS/DTLS alerts may be turned off with the <c>log_alert</c> option. </p> </section> |
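Review bot: In the @@ -35,11 +35,11 @@ hunk, the rewritten list item drops the "and" and the closing period the old item had, so it now ends "DTLS-1.2 (based on TLS-1.2)</item>" while the neighbouring items are full sentences. Suggest "TLS-1.1, TLS-1.2, DTLS-1.0 (based on TLS-1.1), and DTLS-1.2 (based on TLS-1.2).", and "SSL/TLS/DTLS protocols" (plural) in the opening paragraph now that it names more than one protocol family.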
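Review bot: In the @@ -76,7 +76,7 @@ hunk, adding <c>asn1</c> leaves the sentence reading "uses the <c>public_key</c>, <c>asn1</c> and Crypto application", with a singular "application" for three dependencies and Crypto still outside <c> markup. Suggest "the <c>public_key</c>, <c>asn1</c> and <c>crypto</c> applications". The unchanged continuation says these applications must be loaded and, in an embedded environment, started, so it is worth checking that the text after the visible context also lists asn1.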
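Review bot: In the @@ -98,13 +98,20 @@ hunk, both <seealso> elements keep marker="ssl#type-protocol" although their link texts now name two different types, ssl:ssl_tls_protocol() and ssl:dtls_protocol(), so the new dtls_protocol_version entry links to the same anchor as protocol_version. Each marker should point at the anchor of the type it names. The dtls_protocol_version description is also a copy of the protocol_version text with only "DTLS" added to the default sentence; opening it with "DTLS protocol versions supported by started clients and servers" and giving a DTLS counterpart to the erl -ssl protocol_version example would help, since the documented default enables every supported DTLS version, DTLS-1.0 (based on TLS-1.1) included.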
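Review bot: In the @@ -127,14 +134,14 @@ hunk, the sentence added to both session cache limit entries, "Recommended ssl-8.2.1 or later for this option to work as intended.", is a fragment and does not say what earlier versions do with the limit. These options bound how far the session cache can grow, so a reader on an older ssl needs to know whether the maximum is ignored or applied differently there. Suggest stating the pre-8.2.1 behaviour explicitly and phrasing the version as a requirement, for example "Requires ssl-8.2.1 or later to work as described."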
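Review bot: In the @@ -149,9 +156,8 @@ hunk, "before ssl-8.1.1" can be read as qualifying either the bottleneck or the option, and next to "Introduced in ssl-8.0.2" it leaves unclear whether bypass_pem_cache still has a purpose from ssl-8.1.1 on. Suggest wording such as "Workaround for the PEM-cache bottleneck present in versions before ssl-8.1.1", plus a sentence on whether the option is still needed in later versions.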