aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2013-05-08 10:43:24 +0200
committerIngela Anderton Andin <[email protected]>2013-05-08 10:43:24 +0200
commit705e3b1137ebb2cfa1e729c9a4cf44638270f7e5 (patch)
tree800665a97cec32d894b822b0c9d3b4eeb7d51f8e /lib/ssl/doc
parent8e00f4ce7a49b2fd1da7e481dc0985703e4131a5 (diff)
parent19d511a10d5e258b8f2f876f7c12ffbf35174d89 (diff)
downloadotp-705e3b1137ebb2cfa1e729c9a4cf44638270f7e5.tar.gz
otp-705e3b1137ebb2cfa1e729c9a4cf44638270f7e5.tar.bz2
otp-705e3b1137ebb2cfa1e729c9a4cf44638270f7e5.zip
Merge branch 'ia/ssl/public_key/crypto/elliptic_curve/OTP-11009' into maint
* ia/ssl/public_key/crypto/elliptic_curve/OTP-11009: (39 commits) ssl: Fix dialyzer spec crypto: Remove debug printouts ssl: Only send ECC-hello extension if ECC-cipher suites are advertised ssl & public_key: Use standard name ssl & crypto: Generalize the remaining crypto API public_key: Add new API functions to the documentation ssl & public_key: Use new crypto API functions crypto: New API for ciphers crypto: Deprecate functions, update doc and specs ssl: Fix Curve selection ssl, crypto: Eliminate remaining mpint and EC resource key from API ssl, public_key, crypto: General generate_key and compute_key functions crypto: Add generic functions generate_key and compute_key crypto: Change ecdh_compute_key to have 3 arguments ssl: Improve extention handling ssl: test case fix ssl & public_key: API refinement public_key: use new crypto crypto: Fix ec_key resource to be upgradeable crypto: Combine ec_key_new into ecdh_generate_key ...
Diffstat (limited to 'lib/ssl/doc')
-rw-r--r--lib/ssl/doc/src/ssl.xml15
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index d5615fecfc..1645eb15f3 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -37,17 +37,21 @@
<list type="bulleted">
<item>ssl requires the crypto and public_key applications.</item>
<item>Supported SSL/TLS-versions are SSL-3.0, TLS-1.0,
- TLS-1.1 and TLS-1.2 (no support for elliptic curve cipher suites yet).</item>
+ TLS-1.1 and TLS-1.2.</item>
<item>For security reasons sslv2 is not supported.</item>
<item>Ephemeral Diffie-Hellman cipher suites are supported
but not Diffie Hellman Certificates cipher suites.</item>
+ <item>Elliptic Curve cipher suites are supported if crypto
+ supports it and named curves are used.
+ </item>
<item>Export cipher suites are not supported as the
U.S. lifted its export restrictions in early 2000.</item>
<item>IDEA cipher suites are not supported as they have
become deprecated by the latest TLS spec so there is not any
real motivation to implement them.</item>
- <item>CRL and policy certificate
- extensions are not supported yet. </item>
+ <item>CRL and policy certificate extensions are not supported
+ yet. However CRL verification is supported by public_key, only not integrated
+ in ssl yet. </item>
</list>
</section>
@@ -75,7 +79,7 @@
{fail_if_no_peer_cert, boolean()}
{depth, integer()} |
{cert, der_encoded()}| {certfile, path()} |
- {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}} |
+ {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' |'PrivateKeyInfo', der_encoded()}} |
{keyfile, path()} | {password, string()} |
{cacerts, [der_encoded()]} | {cacertfile, path()} |
|{dh, der_encoded()} | {dhfile, path()} | {ciphers, ciphers()} |
@@ -125,6 +129,7 @@
<p><c>key_exchange() = rsa | dhe_dss | dhe_rsa | dh_anon
| psk | dhe_psk | rsa_psk | srp_anon | srp_dss | srp_rsa
+ | ecdh_anon | ecdh_ecdsa | ecdhe_ecdsa | ecdh_rsa | ecdhe_rsa
</c></p>
<p><c>cipher() = rc4_128 | des_cbc | '3des_ede_cbc'
@@ -157,7 +162,7 @@
<tag>{certfile, path()}</tag>
<item>Path to a file containing the user's certificate.</item>
- <tag>{key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}}</tag>
+ <tag>{key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' |'PrivateKeyInfo', der_encoded()}}</tag>
<item> The DER encoded users private key. If this option
is supplied it will override the keyfile option.</item>