aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2015-06-23 10:24:26 +0200
committerErlang/OTP <[email protected]>2015-06-23 10:24:26 +0200
commit2955ddebc32837b66d9bacb4e925ad0ed0033168 (patch)
treed6bff1708a209ee317a1d1bbb78d237a999bfd23 /lib/ssl/doc/src
parent7cff27e14e051b6ee15f564335eb8e685e1639c1 (diff)
downloadotp-2955ddebc32837b66d9bacb4e925ad0ed0033168.tar.gz
otp-2955ddebc32837b66d9bacb4e925ad0ed0033168.tar.bz2
otp-2955ddebc32837b66d9bacb4e925ad0ed0033168.zip
Prepare release
Diffstat (limited to 'lib/ssl/doc/src')
-rw-r--r--lib/ssl/doc/src/notes.xml83
1 files changed, 82 insertions, 1 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 43ed006781..b87b1b4fa7 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -26,7 +26,88 @@
<file>notes.xml</file>
</header>
<p>This document describes the changes made to the SSL application.</p>
- <section><title>SSL 6.0.1</title>
+ <section><title>SSL 7.0</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Ignore signature_algorithm (TLS 1.2 extension) sent to
+ TLS 1.0 or TLS 1.1 server</p>
+ <p>
+ Own Id: OTP-12670</p>
+ </item>
+ <item>
+ <p>
+ Improve error handling in TLS distribution module to
+ avoid lingering sockets.</p>
+ <p>
+ Own Id: OTP-12799 Aux Id: Tom Briden </p>
+ </item>
+ <item>
+ <p>
+ Add option {client_renegotiation, boolean()} option to
+ the server-side of the SSL application.</p>
+ <p>
+ Own Id: OTP-12815</p>
+ </item>
+ <item>
+ <p>
+ Gracefully ignore proprietary hash_sign algorithms</p>
+ <p>
+ Own Id: OTP-12829</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Add new API functions to handle CRL-verification</p>
+ <p>
+ Own Id: OTP-10362 Aux Id: kunagi-215 [126] </p>
+ </item>
+ <item>
+ <p>
+ Remove default support for SSL-3.0, due to Poodle
+ vunrability in protocol specification.</p>
+ <p>
+ Add padding check for TLS-1.0 to remove Poodle
+ vunrability from TLS 1.0, also add the option
+ padding_check. This option only affects TLS-1.0
+ connections and if set to false it disables the block
+ cipher padding check to be able to interoperate with
+ legacy software.</p>
+ <p>
+ Remove default support for RC4 cipher suites, as they are
+ consider too weak.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-12390</p>
+ </item>
+ <item>
+ <p>
+ Add support for TLS ALPN (Application-Layer Protocol
+ Negotiation) extension.</p>
+ <p>
+ Own Id: OTP-12580</p>
+ </item>
+ <item>
+ <p>
+ Add SNI (Server Name Indication) support for the server
+ side.</p>
+ <p>
+ Own Id: OTP-12736</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>SSL 6.0.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>