author Henrik Nord <[email protected]> 2015-04-01 10:44:19 +0200
committer Henrik Nord <[email protected]> 2015-04-01 10:44:19 +0200
commit cc722af4d62d749d2a75155e91a2a1562aeb2a5a (patch)
tree 2c380c9d094a62fa1c904d241471fbe5558a4e6c /lib/ssl
parent 9b3dd127ea8070e81e21a0a94414f8e7847211e9 (diff)
parent 545890576542e4be630df8772654b99bd0306f62 (diff)
Merge tag 'OTP-17.5'
=== OTP-17.5 ===

Changed Applications:
- asn1-3.0.4
- common_test-1.10
- compiler-5.0.4
- crypto-3.5
- debugger-4.0.3
- dialyzer-2.7.4
- diameter-1.9
- eldap-1.1.1
- erts-6.4
- hipe-3.11.3
- inets-5.10.6
- kernel-3.2
- mnesia-4.12.5
- observer-2.0.4
- os_mon-2.3.1
- public_key-0.23
- runtime_tools-1.8.16
- ssh-3.2
- ssl-6.0
- stdlib-2.4
- syntax_tools-1.6.18
- test_server-3.8
- tools-2.7.2
- wx-1.3.3

Unchanged Applications:
- cosEvent-2.1.15
- cosEventDomain-1.1.14
- cosFileTransfer-1.1.16
- cosNotification-1.1.21
- cosProperty-1.1.17
- cosTime-1.1.14
- cosTransactions-1.2.14
- edoc-0.7.16
- erl_docgen-0.3.7
- erl_interface-3.7.20
- et-1.5
- eunit-2.2.9
- gs-1.5.16
- ic-4.3.6
- jinterface-1.5.12
- megaco-3.17.3
- odbc-2.10.22
- orber-3.7.1
- ose-1.0.2
- otp_mibs-1.0.10
- parsetools-2.0.12
- percept-0.8.10
- reltool-0.6.6
- sasl-2.4.1
- snmp-5.1.1
- typer-0.9.8
- webtool-0.8.10
- xmerl-1.3.7

Conflicts:
- OTP_VERSION
- erts/vsn.mk
- lib/ssl/vsn.mk
Diffstat (limited to 'lib/ssl')
-rw-r--r-- lib/ssl/doc/src/notes.xml 75
1 files changed, 74 insertions, 1 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 4349e5a456..352563700b 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -25,7 +25,80 @@
<file>notes.xml</file>
</header>
<p>This document describes the changes made to the SSL application.</p>
- <section><title>SSL 5.3.8</title>
+ <section><title>SSL 6.0</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Exclude self-signed trusted anchor certificates from
+ certificate prospective certification path according to
+ RFC 3280.</p>
+ <p>
+ This will avoid some unnecessary certificate processing.</p>
+ <p>
+ Own Id: OTP-12449</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Separate client and server session cache internally.</p>
+ <p>
+ Avoid session table growth when client starts many
+ connections in such a manner that many connections are
+ started before session reuse is possible. Only save a new
+ session in client if there is no equivalent session
+ already stored.</p>
+ <p>
+ Own Id: OTP-11365</p>
+ </item>
+ <item>
+ <p>
+ The PEM cache is now validated by a background process,
+ instead of always keeping it if it is small enough and
+ clearing it otherwise. That strategy required that small
+ caches where cleared by API function if a file changes on
+ disk.</p>
+ <p>
+ However export the API function to clear the cache as it
+ may still be useful.</p>
+ <p>
+ Own Id: OTP-12391</p>
+ </item>
+ <item>
+ <p>
+ Add padding check for TLS-1.0 to remove Poodle
+ vulnerability from TLS 1.0, also add the option
+ padding_check. This option only affects TLS-1.0
+ connections and if set to false it disables the block
+ cipher padding check to be able to interoperate with
+ legacy software.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-12420</p>
+ </item>
+ <item>
+ <p>
+ Add support for TLS_FALLBACK_SCSV used to prevent
+ undesired TLS version downgrades. If used by a client
+ that is vulnerable to the POODLE attack, and the server
+ also supports TLS_FALLBACK_SCSV, the attack can be
+ prevented.</p>
+ <p>
+ Own Id: OTP-12458</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>SSL 5.3.8</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
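Review bot: In the padding_check item under "Improvements and New Features", the text says setting the option to false "disables the block cipher padding check" but does not state the default value or that disabling it brings back the Poodle exposure on TLS 1.0 that the same item says is removed. I suggest adding one sentence giving the default and that consequence, so the POTENTIAL INCOMPATIBILITY marker is not read as a reason to turn the check off. The TLS_FALLBACK_SCSV item should name the client option the way the padding_check item does, since "If used by a client" implies it is opt-in. Smaller points: "small caches where cleared" should read "were cleared", "certificate prospective certification path" looks like a word-order slip for "prospective certification path", and RFC 3280 has been obsoleted by RFC 5280, so the citation could point there.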