aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2013-01-29 11:38:41 +0100
committerErlang/OTP <[email protected]>2013-01-29 11:38:41 +0100
commit68b804f34d4ec420d86953e3f519179a40fbee8f (patch)
treeb27effe40c97a3cad92f0a685ccb73858772819e /lib/ssl
parent510207b2200e66f6b2b0a4e8314912c8f3e05b72 (diff)
downloadotp-68b804f34d4ec420d86953e3f519179a40fbee8f.tar.gz
otp-68b804f34d4ec420d86953e3f519179a40fbee8f.tar.bz2
otp-68b804f34d4ec420d86953e3f519179a40fbee8f.zip
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/doc/src/notes.xml112
1 files changed, 111 insertions, 1 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 73cda03b2f..299850333d 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -26,7 +26,117 @@
</header>
<p>This document describes the changes made to the SSL application.</p>
- <section><title>SSL 5.1.2</title>
+ <section><title>SSL 5.2</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ SSL: TLS 1.2, advertise sha224 support, thanks to Andreas
+ Schultz.</p>
+ <p>
+ Own Id: OTP-10586</p>
+ </item>
+ <item>
+ <p>
+ If an ssl server is restarted with new options and a
+ client tries to reuse a session the server must make sure
+ that it complies to the new options before agreeing to
+ reuse it.</p>
+ <p>
+ Own Id: OTP-10595</p>
+ </item>
+ <item>
+ <p>
+ Now handles cleaning of CA-certificate database correctly
+ so that there will be no memory leek, bug was introduced
+ in ssl- 5.1 when changing implementation to increase
+ parallel execution.</p>
+ <p>
+ Impact: Improved memory usage, especially if you have
+ many different certificates and upgrade tcp-connections
+ to TLS-connections.</p>
+ <p>
+ Own Id: OTP-10710</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Support Next Protocol Negotiation in TLS, thanks to Ben
+ Murphy for the contribution.</p>
+ <p>
+ Impact: Could give performance benefit if used as it
+ saves a round trip.</p>
+ <p>
+ Own Id: OTP-10361 Aux Id: kunagi-214 [125] </p>
+ </item>
+ <item>
+ <p>
+ TLS 1.2 will now be the default TLS version if sufficient
+ crypto support is available otherwise TLS 1.1 will be
+ default.</p>
+ <p>
+ Impact: A default TLS connection will have higher
+ security and hence it may be perceived as slower then
+ before.</p>
+ <p>
+ Own Id: OTP-10425 Aux Id: kunagi-275 [186] </p>
+ </item>
+ <item>
+ <p>
+ It is now possible to call controlling_process on a
+ listen socket, same as in gen_tcp.</p>
+ <p>
+ Own Id: OTP-10447</p>
+ </item>
+ <item>
+ <p>
+ Remove filter mechanisms that made error messages
+ backwards compatible with old ssl but hid information
+ about what actually happened.</p>
+ <p>
+ This does not break the documented API however other
+ reason terms may be returned, so code that matches on the
+ reason part of {error, Reason} may fail.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-10451 Aux Id: kunagi-270 [181] </p>
+ </item>
+ <item>
+ <p>
+ Added missing dependencies to Makefile</p>
+ <p>
+ Own Id: OTP-10594</p>
+ </item>
+ <item>
+ <p>
+ Removed deprecated function ssl:pid/0, it has been
+ pointless since R14 but has been keep for backwards
+ compatibility.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-10613 Aux Id: kunagi-331 [242] </p>
+ </item>
+ <item>
+ <p>
+ Refactor to simplify addition of key exchange methods,
+ thanks to Andreas Schultz.</p>
+ <p>
+ Own Id: OTP-10709</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>SSL 5.1.2</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>