| author | Henrik Nord <[email protected]> | 2018-09-25 08:42:59 +0200 | 
|---|---|---|
| committer | Henrik Nord <[email protected]> | 2018-09-25 08:42:59 +0200 | 
| commit | e6c3dd9f701d354c06b9b1b043a3d7e9cc050b1c (patch) | |
| tree | a27c6c89bba769d5a6467b0a51df0c9adb8e9e47 /lib/ssl/doc/src | |
| parent | 494cb3be4a98653c212d673008085bc3ea70dc7e (diff) | |
| parent | 377f19f25aeec6939a6728bd0c4910086c22ccdc (diff) | |
Merge branch 'maint'
Diffstat (limited to 'lib/ssl/doc/src')
| -rw-r--r-- | lib/ssl/doc/src/notes.xml | 117 | 
1 files changed, 117 insertions, 0 deletions
| diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 42cc499fc2..c54acfcf53 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml 
@@ -27,6 +27,123 @@    </header>    <p>This document describes the changes made to the SSL application.</p> +<section><title>SSL 9.0.2</title> + +    <section><title>Fixed Bugs and Malfunctions</title> +      <list> +        <item> +          <p> +	    Use separate processes for sending and receiving +	    application data for TLS connections to avoid potential +	    deadlock that was most likely to occur when using TLS for +	    Erlang distribution. Note does not change the API.</p> +          <p> +	    Own Id: OTP-15122</p> +        </item> +        <item> +          <p> +	    Correct handling of empty server SNI extension</p> +          <p> +	    Own Id: OTP-15168</p> +        </item> +        <item> +          <p> +	    Correct PSK cipher suite handling and add +	    selected_cipher_suite to connection information</p> +          <p> +	    Own Id: OTP-15172</p> +        </item> +        <item> +          <p> +	    Adopt to the fact that cipher suite sign restriction are +	    relaxed in TLS-1.2</p> +          <p> +	    Own Id: OTP-15173</p> +        </item> +        <item> +          <p> +	    Enhance error handling of non existing PEM files</p> +          <p> +	    Own Id: OTP-15174</p> +        </item> +        <item> +          <p> +	    Correct close handling of transport accepted sockets in +	    the error state</p> +          <p> +	    Own Id: OTP-15216</p> +        </item> +        <item> +          <p> +	    Correct PEM cache to not add references to empty entries +	    when PEM file does not exist.</p> +          <p> +	    Own Id: OTP-15224</p> +        </item> +        <item> +          <p> +	    Correct handling of all PSK cipher suites</p> +          <p> +	    Before only some PSK suites would be correctly negotiated +	    and most PSK ciphers suites would fail the connection.</p> +          <p> +	    Own Id: OTP-15285</p> +        </item> +      </list> +    </section> + + +    <section><title>Improvements and New Features</title> +      <list> +    
    <item> +          <p> +	    TLS will now try to order certificate chains if they +	    appear to be unordered. That is prior to TLS 1.3, +	    “certificate_list” ordering was required to be +	    strict, however some implementations already allowed for +	    some flexibility. For maximum compatibility, all +	    implementations SHOULD be prepared to handle potentially +	    extraneous certificates and arbitrary orderings from any +	    TLS version.</p> +          <p> +	    Own Id: OTP-12983</p> +        </item> +        <item> +          <p> +	    TLS will now try to reconstructed an incomplete +	    certificate chains from its local CA-database and use +	    that data for the certificate path validation. This +	    especially makes sense for partial chains as then the +	    peer might not send an intermediate CA as it is +	    considered the trusted root in that case.</p> +          <p> +	    Own Id: OTP-15060</p> +        </item> +        <item> +          <p> +	    Option keyfile defaults to certfile and should be trumped +	    with key. This failed for engine keys.</p> +          <p> +	    Own Id: OTP-15193</p> +        </item> +        <item> +          <p> +	    Error message improvement when own certificate has +	    decoding issues, see also issue ERL-668.</p> +          <p> +	    Own Id: OTP-15234</p> +        </item> +        <item> +          <p> +	    Correct dialyzer spec for key option</p> +          <p> +	    Own Id: OTP-15281</p> +        </item> +      </list> +    </section> + +</section> +  <section><title>SSL 9.0.1</title>      <section><title>Fixed Bugs and Malfunctions</title> | 
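Review bot: The OTP-15060 entry under "Improvements and New Features" describes a change to certificate path validation, but its wording is ungrammatical and hard to follow: "TLS will now try to reconstructed an incomplete certificate chains" should read "TLS will now try to reconstruct an incomplete certificate chain", and the sentence about partial chains would be clearer if it said directly which certificate is treated as the trusted root when the peer omits an intermediate CA. Several other entries in the same hunk need wording fixes before release: in OTP-15122 "Note does not change the API" should be "Note that this does not change the API"; in OTP-15173 "Adopt to the fact that cipher suite sign restriction are relaxed" should be "Adapt to the fact that ... restrictions are relaxed"; in OTP-15285 "PSK ciphers suites" should be "PSK cipher suites". OTP-15193 ("This failed for engine keys") and OTP-15281 ("Correct dialyzer spec for key option") read as bug fixes but are listed under "Improvements and New Features"; consider moving them to "Fixed Bugs and Malfunctions". The OTP-12983 entry uses typographic quotes around certificate_list; plain ASCII quotes or a code element would be safer in the XML source.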
