Prepare release

1 files changed, 109 insertions, 0 deletions

diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index e9b523d9e1..5fb76c1f62 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -28,6 +28,115 @@
   <p>This document describes the changes made to the SSL application.</p>
 
 
+<section><title>SSL 8.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Timeouts may have the value 0, gauards have been
+	    corrected to allow this</p>
+          <p>
+	    Own Id: OTP-13635</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Remove default support for DES cipher suites</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-13195</p>
+        </item>
+        <item>
+          <p>
+	    Deprecate the function crypto:rand_bytes and make sure
+	    that crypto:strong_rand_bytes is used in all places that
+	    are cryptographically significant.</p>
+          <p>
+	    Own Id: OTP-13214</p>
+        </item>
+        <item>
+          <p>
+	    Better error handling of user error during TLS upgrade.
+	    ERL-69 is solved by gen_statem rewrite of ssl
+	    application.</p>
+          <p>
+	    Own Id: OTP-13255</p>
+        </item>
+        <item>
+          <p>
+	    Provide user friendly error message when crypto rejects a
+	    key</p>
+          <p>
+	    Own Id: OTP-13256</p>
+        </item>
+        <item>
+          <p>
+	    TLS distribution connections now allow specifying the
+	    options <c>verify_fun</c>, <c>crl_check</c> and
+	    <c>crl_cache</c>. See the documentation. GitHub pull req
+	    #956 contributed by Magnus Henoch.</p>
+          <p>
+	    Own Id: OTP-13429 Aux Id: Pull#956 </p>
+        </item>
+        <item>
+          <p>
+	    Remove confusing error message when closing a distributed
+	    erlang node running over TLS</p>
+          <p>
+	    Own Id: OTP-13431</p>
+        </item>
+        <item>
+          <p>
+	    ssl now uses gen_statem instead of gen_fsm to implement
+	    the ssl connection process, this solves some timing
+	    issues in addtion to making the code more intuitive as
+	    the behaviour can be used cleanly instead of having a lot
+	    of workaround for shortcomings of the behaviour.</p>
+          <p>
+	    Own Id: OTP-13464</p>
+        </item>
+        <item>
+          <p>
+	    Correct ssl:prf/5 to use the negotiated cipher suites prf
+	    function in ssl:prf/5 instead of the default prf.</p>
+          <p>
+	    Own Id: OTP-13546</p>
+        </item>
+        <item>
+          <p>
+	    Some legacy TLS 1.0 software does not tolerate the 1/n-1
+	    content split BEAST mitigation technique. Add a
+	    beast_mitigation SSL option (defaulting to
+	    one_n_minus_one) to select or disable the BEAST
+	    mitigation technique.</p>
+          <p>
+	    Own Id: OTP-13629</p>
+        </item>
+        <item>
+          <p>
+	    Enhance error log messages to facilitate for users to
+	    understand the error</p>
+          <p>
+	    Own Id: OTP-13632</p>
+        </item>
+        <item>
+          <p>
+	    Incresed default DH params to 2048-bit</p>
+          <p>
+	    Own Id: OTP-13636</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>SSL 7.3.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>