aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2015-08-25 18:19:38 +0200
committerIngela Anderton Andin <[email protected]>2015-09-16 10:02:16 +0200
commit1b06210c16465bcb995b0a54ba1b24ef1de3c5a4 (patch)
treec8e736ac8064035b1a43c9fe03e4dcb8e8ef6ddc /lib/ssl/doc/src
parent0d2bebf94d99b2d3bd39c5731ac81122f3ea7fb7 (diff)
downloadotp-1b06210c16465bcb995b0a54ba1b24ef1de3c5a4.tar.gz
otp-1b06210c16465bcb995b0a54ba1b24ef1de3c5a4.tar.bz2
otp-1b06210c16465bcb995b0a54ba1b24ef1de3c5a4.zip
ssl: Improve shutdown logic
Add possibility to downgrade an SSL/TLS connection to a tcp connection, and give back the socket control to a user process. Add application setting to be able to change fatal alert shutdown timeout, also shorten the default timeout. The fatal alert timeout is the number of milliseconds between sending of a fatal alert and closing the connection. Waiting a little while improves the peers chances to properly receiving the alert so it may shutdown gracefully.
Diffstat (limited to 'lib/ssl/doc/src')
-rw-r--r--lib/ssl/doc/src/ssl.xml15
-rw-r--r--lib/ssl/doc/src/ssl_app.xml11
2 files changed, 26 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 6c977bdb74..22ac98c24e 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -766,6 +766,21 @@ fun(srp, Username :: string(), UserState :: term()) ->
</func>
<func>
+ <name>close(SslSocket, How) -> ok | {ok, port()} | {error, Reason}</name>
+ <fsummary>Closes an SSL connection.</fsummary>
+ <type>
+ <v>SslSocket = sslsocket()</v>
+ <v>How = timeout() | {NewController::pid(), timeout()} </v>
+ <v>Reason = term()</v>
+ </type>
+ <desc><p>Closes or downgrades an SSL connection, in the later case the transport
+ connection will be handed over to the <c>NewController</c> process after reciving
+ the TLS close alert from the peer. The retuned transport socket will have
+ the following options set [{active, false}, {packet, 0}, {mode, binary}].</p>
+ </desc>
+ </func>
+
+ <func>
<name>connection_info(SslSocket) ->
{ok, {ProtocolVersion, CipherSuite}} | {error, Reason}</name>
<fsummary>Returns the Negotiated Protocol version and cipher suite.
diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml
index 2b6dc7e8be..51ce0cedf1 100644
--- a/lib/ssl/doc/src/ssl_app.xml
+++ b/lib/ssl/doc/src/ssl_app.xml
@@ -87,6 +87,17 @@
marker="ssl#clear_pem_cache-0">ssl:clear_pem_cache/0</seealso>
</item>
+ <tag><c><![CDATA[alert_timeout = integer() <optional>]]></c></tag>
+ <item>
+ <p>
+ Number of milliseconds between sending of a fatal alert and
+ closing the connection. Waiting a little while improves the
+ peers chances to properly receiving the alert so it may
+ shutdown gracefully. Defaults to 5000 milliseconds.
+ </p>
+ </item>
+
+
</taglist>
</section>