author | Erlang/OTP <[email protected]> | 2017-05-04 17:05:25 +0200 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2017-05-04 17:05:25 +0200 |
commit | dc57404252c47520f352834ad9be45ad684f96c9 (patch) | |
tree | 4b45d3ddf960372ffff4d08e3eeed171b2903bd3 /lib/ssl | |
parent | 4261ee2caae48ad7e215144c5abbfd34fffb35e5 (diff) | |
Prepare release
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/doc/src/notes.xml | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index d8e26d635f..88ba12b83b 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml 
@@ -28,6 +28,81 @@ <p>This document describes the changes made to the SSL application.</p> +<section><title>SSL 8.2</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + TLS-1.2 clients will now always send hello messages on + its own format, as opposed to earlier versions that will + send the hello on the lowest supported version, this is a + change supported by the latest RFC.</p> + <p> + This will make interoperability with some newer servers + smoother. Potentially, but unlikely, this could cause a + problem with older servers if they do not adhere to the + RFC and ignore unknown extensions.</p> + <p> + *** POTENTIAL INCOMPATIBILITY ***</p> + <p> + Own Id: OTP-13820</p> + </item> + <item> + <p> + Allow Erlang/OTP to use OpenSSL in FIPS-140 mode, in + order to satisfy specific security requirements (mostly + by different parts of the US federal government). </p> + <p> + See the new crypto users guide "FIPS mode" chapter about + building and using the FIPS support which is disabled by + default.</p> + <p> + (Thanks to dszoboszlay and legoscia)</p> + <p> + Own Id: OTP-13921 Aux Id: PR-1180 </p> + </item> + <item> + <p> + Implemented DTLS cookie generation, requiered by spec, + instead of using hardcode value.</p> + <p> + Own Id: OTP-14076</p> + </item> + <item> + <p> + Extend connection_information/[1,2] . The values + session_id, master_secret, client_random and + server_random can no be accessed by + connection_information/2. Note only session_id will be + added to connection_information/1. 
The rational is that + values concerning the connection security should have to + be explicitly requested.</p> + <p> + Own Id: OTP-14291</p> + </item> + <item> + <p> + Chacha cipher suites are currently not tested enough to + be most prefered ones</p> + <p> + Own Id: OTP-14382</p> + </item> + <item> + <p> + Basic support for DTLS that been tested together with + OpenSSL.</p> + <p> + Test by providing the option {protocol, dtls} to the ssl + API functions connect and listen.</p> + <p> + Own Id: OTP-14388</p> + </item> + </list> + </section> + +</section> + <section><title>SSL 8.1.2</title> <section><title>Fixed Bugs and Malfunctions</title> |
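Review bot: In the OTP-14291 item, "can no be accessed by connection_information/2" can be read as either "now" or "not", which inverts whether master_secret, client_random and server_random are retrievable. Given the item opens with "Extend connection_information/[1,2]" and the stated rationale that security-related values must be explicitly requested, it should read "can now be accessed by connection_information/2". The OTP-14382 item gives only the reason ("not tested enough to be most prefered ones") and not the change itself; say what happens to the Chacha suites in the default preference order so users who rely on the defaults know what to expect. The OTP-13820 item is flagged POTENTIAL INCOMPATIBILITY but refers only to "the latest RFC"; name the RFC so operators of older servers can check the behaviour, and reword "do not adhere to the RFC and ignore unknown extensions", where the scope of the negation is unclear. Spelling and grammar to fix in the same pass: "on its own format", "requiered", "hardcode value", "The rational", "prefered", "DTLS that been tested".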