diff options
author | Ingela Anderton Andin <[email protected]> | 2013-05-08 10:43:24 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2013-05-08 10:43:24 +0200 |
commit | 705e3b1137ebb2cfa1e729c9a4cf44638270f7e5 (patch) | |
tree | 800665a97cec32d894b822b0c9d3b4eeb7d51f8e /lib/ssl/doc/src | |
parent | 8e00f4ce7a49b2fd1da7e481dc0985703e4131a5 (diff) | |
parent | 19d511a10d5e258b8f2f876f7c12ffbf35174d89 (diff) | |
download | otp-705e3b1137ebb2cfa1e729c9a4cf44638270f7e5.tar.gz otp-705e3b1137ebb2cfa1e729c9a4cf44638270f7e5.tar.bz2 otp-705e3b1137ebb2cfa1e729c9a4cf44638270f7e5.zip |
Merge branch 'ia/ssl/public_key/crypto/elliptic_curve/OTP-11009' into maint
* ia/ssl/public_key/crypto/elliptic_curve/OTP-11009: (39 commits)
ssl: Fix dialyzer spec
crypto: Remove debug printouts
ssl: Only send ECC-hello extension if ECC-cipher suites are advertised
ssl & public_key: Use standard name
ssl & crypto: Generalize the remaining crypto API
public_key: Add new API functions to the documentation
ssl & public_key: Use new crypto API functions
crypto: New API for ciphers
crypto: Deprecate functions, update doc and specs
ssl: Fix Curve selection
ssl, crypto: Eliminate remaining mpint and EC resource key from API
ssl, public_key, crypto: General generate_key and compute_key functions
crypto: Add generic functions generate_key and compute_key
crypto: Change ecdh_compute_key to have 3 arguments
ssl: Improve extention handling
ssl: test case fix
ssl & public_key: API refinement
public_key: use new crypto
crypto: Fix ec_key resource to be upgradeable
crypto: Combine ec_key_new into ecdh_generate_key
...
Diffstat (limited to 'lib/ssl/doc/src')
-rw-r--r-- | lib/ssl/doc/src/ssl.xml | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index d5615fecfc..1645eb15f3 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -37,17 +37,21 @@ <list type="bulleted"> <item>ssl requires the crypto and public_key applications.</item> <item>Supported SSL/TLS-versions are SSL-3.0, TLS-1.0, - TLS-1.1 and TLS-1.2 (no support for elliptic curve cipher suites yet).</item> + TLS-1.1 and TLS-1.2.</item> <item>For security reasons sslv2 is not supported.</item> <item>Ephemeral Diffie-Hellman cipher suites are supported but not Diffie Hellman Certificates cipher suites.</item> + <item>Elliptic Curve cipher suites are supported if crypto + supports it and named curves are used. + </item> <item>Export cipher suites are not supported as the U.S. lifted its export restrictions in early 2000.</item> <item>IDEA cipher suites are not supported as they have become deprecated by the latest TLS spec so there is not any real motivation to implement them.</item> - <item>CRL and policy certificate - extensions are not supported yet. </item> + <item>CRL and policy certificate extensions are not supported + yet. However CRL verification is supported by public_key, only not integrated + in ssl yet. </item> </list> </section> @@ -75,7 +79,7 @@ {fail_if_no_peer_cert, boolean()} {depth, integer()} | {cert, der_encoded()}| {certfile, path()} | - {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}} | + {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' |'PrivateKeyInfo', der_encoded()}} | {keyfile, path()} | {password, string()} | {cacerts, [der_encoded()]} | {cacertfile, path()} | |{dh, der_encoded()} | {dhfile, path()} | {ciphers, ciphers()} | @@ -125,6 +129,7 @@ <p><c>key_exchange() = rsa | dhe_dss | dhe_rsa | dh_anon | psk | dhe_psk | rsa_psk | srp_anon | srp_dss | srp_rsa + | ecdh_anon | ecdh_ecdsa | ecdhe_ecdsa | ecdh_rsa | ecdhe_rsa </c></p> <p><c>cipher() = rc4_128 | des_cbc | '3des_ede_cbc' @@ -157,7 +162,7 @@ <tag>{certfile, path()}</tag> <item>Path to a file containing the user's certificate.</item> - <tag>{key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}}</tag> + <tag>{key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' |'PrivateKeyInfo', der_encoded()}}</tag> <item> The DER encoded users private key. If this option is supplied it will override the keyfile option.</item> |