Diffstat (limited to 'lib/ssh/doc/src')
-rw-r--r-- lib/ssh/doc/src/notes.xml 138
-rw-r--r-- lib/ssh/doc/src/ssh_app.xml 55
2 files changed, 39 insertions, 154 deletions
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index 87ebfc3c6a..d0ed674eee 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -30,144 +30,6 @@
<file>notes.xml</file>
</header>
-<section><title>Ssh 4.7</title>
-
- <section><title>Fixed Bugs and Malfunctions</title>
- <list>
- <item>
- <p>
- Updated ssh_connection:shell/2 documentation.</p>
- <p>
- Own Id: OTP-14880</p>
- </item>
- <item>
- <p>
- If the daemon port listener is restarted, it could
- potentially fail with <c>eaddrinuse</c> if the timing is
- unlucky. It will now retry and exponentially back off the
- listener restart a few times before failing.</p>
- <p>
- Own Id: OTP-14955</p>
- </item>
- <item>
- <p>
- A channel callback module always got the module name as
- reason in a call to terminate. Now it will get the proper
- Reason, usually 'normal'.</p>
- <p>
- Own Id: OTP-15084</p>
- </item>
- </list>
- </section>
-
-
- <section><title>Improvements and New Features</title>
- <list>
- <item>
- <p>
- An option <c>exec</c> for daemons implementing the 'exec'
- has existed a long time but has been undocumented. The
- old behaviour is kept for compatibility EXCEPT that error
- messages are changed and are sent as "stderror" text.</p>
- <p>
- A new option value is defined to make it much more easy
- to implement an own <c>exec</c> server.</p>
- <p>
- *** POTENTIAL INCOMPATIBILITY ***</p>
- <p>
- Own Id: OTP-14851</p>
- </item>
- <item>
- <p>
- The undocumented ssh_dbg module is completely re-written
- to facilitate tracing/debugging.</p>
- <p>
- Own Id: OTP-14896</p>
- </item>
- <item>
- <p>
- The SSH supervisor structure has been slightly changed.
- This makes stopping the ssh application considerably
- faster if there are open connections. This is important
- in for example restarts.</p>
- <p>
- Own Id: OTP-14988</p>
- </item>
- <item>
- <p>
- The type specifications in SSH are reworked and the
- following types are renamed:</p>
- <p>
- ssh:ssh_connection_ref() is changed to
- ssh:connection_ref(), </p>
- <p>
- ssh:ssh_daemon_ref() is changed to ssh:daemon_ref(),</p>
- <p>
- ssh:ssh_channel_id() is changed to ssh:channel_id().</p>
- <p>
- *** POTENTIAL INCOMPATIBILITY ***</p>
- <p>
- Own Id: OTP-15002 Aux Id: OTP-15030 </p>
- </item>
- <item>
- <p>
- The internal timer handling in SSH is now based on the
- gen_statem timers.</p>
- <p>
- Own Id: OTP-15019</p>
- </item>
- <item>
- <p>
- Removed unused <c>ssh_client_key.erl</c> and
- <c>ssh_server_key.erl</c>.</p>
- <p>
- Own Id: OTP-15028</p>
- </item>
- <item>
- <p>
- The Reference Manual pages are partly updated.</p>
- <p>
- The ssh page is now generated from specs and types, is
- restructured and is partly rephrased.</p>
- <p>
- The ssh_channel, ssh_connection, ssh_client_key_api,
- ssh_server_key_api and ssh_sftp pages are updated with
- links, correct type names and some minor changes.</p>
- <p>
- Own Id: OTP-15030 Aux Id: OTP-15002 </p>
- </item>
- <item>
- <p>
- The behaviors <c>ssh_channel</c> and
- <c>ssh_daemon_channel</c> are renamed to
- <c>ssh_client_channel</c> and <c>ssh_server_channel</c>
- respectively.</p>
- <p>
- The old modules are kept for compatibility but should
- preferably be replaced when updating callback modules
- referring them.</p>
- <p>
- Own Id: OTP-15041</p>
- </item>
- <item>
- <p>
- The <c>rekey_limit</c> option could now set the max time
- as well as the previously max data amount.</p>
- <p>
- Own Id: OTP-15069 Aux Id: ERL-617 </p>
- </item>
- <item>
- <p>
- Change process exit supervision with monitor instead of
- link</p>
- <p>
- Own Id: OTP-15082</p>
- </item>
- </list>
- </section>
-
-</section>
-
<section><title>Ssh 4.6.9</title>
<section><title>Fixed Bugs and Malfunctions</title>
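Review bot: Removing the whole `Ssh 4.7` section drops release notes that readers need when upgrading, including the two entries marked `*** POTENTIAL INCOMPATIBILITY ***` (OTP-14851 for the `exec` option and OTP-15002 for the renamed types), and nothing visible in this patch moves them elsewhere. If this is a merge or revert on a branch where 4.7 does not exist, say so in the commit message; otherwise keep the section and limit the change to ssh_app.xml.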
diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml
index 6d180a5272..2ebd176e12 100644
--- a/lib/ssh/doc/src/ssh_app.xml
+++ b/lib/ssh/doc/src/ssh_app.xml
@@ -130,39 +130,47 @@
For the list on a particular installation, use the command
<seealso marker="ssh:ssh#default_algorithms/0">ssh:default_algorithms/0</seealso>.
The user may override the default algorithm configuration both on the server side and the client side.
- See the option <c>preferred_algorithms</c> in the <seealso marker="ssh:ssh#daemon/1">ssh:daemon/1,2,3</seealso> and
+ See the options
+ <seealso marker="ssh:ssh#type-preferred_algorithms_common_option">preferred_algorithms</seealso>
+ and
+ <seealso marker="ssh:ssh#type-modify_algorithms_common_option">modify_algorithms</seealso>
+ in the <seealso marker="ssh:ssh#daemon/1">ssh:daemon/1,2,3</seealso> and
<seealso marker="ssh:ssh#connect/3">ssh:connect/3,4</seealso> functions.
</p>
- <p>Supported algorithms are:</p>
+ <p>Supported algorithms are (in the default order):</p>
<marker id="supported_algos"></marker>
<taglist>
<tag>Key exchange algorithms</tag>
<item>
<list type="bulleted">
- <item>ecdh-sha2-nistp256</item>
<item>ecdh-sha2-nistp384</item>
<item>ecdh-sha2-nistp521</item>
- <item>diffie-hellman-group-exchange-sha1</item>
+ <item>ecdh-sha2-nistp256</item>
<item>diffie-hellman-group-exchange-sha256</item>
- <item>diffie-hellman-group14-sha1</item>
- <item>diffie-hellman-group14-sha256</item>
<item>diffie-hellman-group16-sha512</item>
<item>diffie-hellman-group18-sha512</item>
- <item>(diffie-hellman-group1-sha1, retired: can be enabled with the <c>preferred_algorithms</c> option)</item>
+ <item>diffie-hellman-group14-sha256</item>
+ <item>diffie-hellman-group14-sha1</item>
+ <item>diffie-hellman-group-exchange-sha1</item>
+ <item>(diffie-hellman-group1-sha1, retired: It can be enabled with the
+ <seealso marker="ssh:ssh#type-preferred_algorithms_common_option">preferred_algorithms</seealso>
+ or
+ <seealso marker="ssh:ssh#type-modify_algorithms_common_option">modify_algorithms</seealso>
+ options)</item>
</list>
</item>
<tag>Public key algorithms</tag>
<item>
<list type="bulleted">
- <item>ecdsa-sha2-nistp256</item>
<item>ecdsa-sha2-nistp384</item>
<item>ecdsa-sha2-nistp521</item>
+ <item>ecdsa-sha2-nistp256</item>
<item>ssh-rsa</item>
- <item>ssh-dss</item>
<item>rsa-sha2-256</item>
<item>rsa-sha2-512</item>
+ <item>ssh-dss</item>
</list>
</item>
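Review bot: In the public key list, `ssh-rsa` is placed ahead of `rsa-sha2-256` and `rsa-sha2-512`, and the new heading says the lists are in the default order, so the document now states that the SHA-1 based RSA signature is preferred over the SHA-2 variants. Please confirm the order against the output of `ssh:default_algorithms/0`; if it matches, add a sentence pointing readers to `preferred_algorithms` or `modify_algorithms` for putting the rsa-sha2 entries first, and if it does not, correct the list. Minor: "retired: It can be enabled" should use a lower-case "it" inside the parenthesis.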
@@ -178,11 +186,11 @@
<tag>Encryption algorithms (ciphers)</tag>
<item>
<list type="bulleted">
- <item>[email protected]</item>
<item>[email protected]</item>
- <item>aes128-ctr</item>
- <item>aes192-ctr</item>
<item>aes256-ctr</item>
+ <item>aes192-ctr</item>
+ <item>[email protected]</item>
+ <item>aes128-ctr</item>
<item>aes128-cbc</item>
<item>3des-cbc</item>
<item>(AEAD_AES_128_GCM, not enabled per default)</item>
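Review bot: The context line `(AEAD_AES_128_GCM, not enabled per default)` just below the reordered ciphers still gives no pointer to how it is enabled, while every other "not enabled" item touched by this patch now links to `preferred_algorithms` and `modify_algorithms`. Add the same two `seealso` links here, or a reference to the `rfc5647_note` marker, so the cipher list is consistent with the rest of the page.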
@@ -241,7 +249,11 @@
<item><url href="https://tools.ietf.org/html/rfc4253">RFC 4253</url>, The Secure Shell (SSH) Transport Layer Protocol.
<p>Except</p>
<list type="bulleted">
- <item>8.1. diffie-hellman-group1-sha1. Disabled by default, can be enabled with the <c>preferred_algorithms</c> option.</item>
+ <item>8.1. diffie-hellman-group1-sha1. Disabled by default, can be enabled with the
+ <seealso marker="ssh:ssh#type-preferred_algorithms_common_option">preferred_algorithms</seealso>
+ or
+ <seealso marker="ssh:ssh#type-modify_algorithms_common_option">modify_algorithms</seealso>
+ options.</item>
</list>
<p/>
</item>
@@ -280,7 +292,10 @@
<p><marker id="rfc5647_note"/>There is an ambiguity in the synchronized selection of cipher and mac algorithm.
This is resolved by OpenSSH in the ciphers [email protected] and [email protected] which are implemented.
If the explicit ciphers and macs AEAD_AES_128_GCM or AEAD_AES_256_GCM are needed,
- they could be enabled with the option preferred_algorithms.
+ they could be enabled with the options
+ <seealso marker="ssh:ssh#type-preferred_algorithms_common_option">preferred_algorithms</seealso>
+ or
+ <seealso marker="ssh:ssh#type-modify_algorithms_common_option">modify_algorithms</seealso>.
</p>
<warning>
<p>
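Review bot: "they could be enabled with the options" reads as a hypothetical; the other places changed in this patch say "can be enabled", so use "can" here as well. Since either option alone is sufficient, "with the option preferred_algorithms or modify_algorithms" would also be more accurate than the plural "options ... or".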
@@ -322,10 +337,18 @@
<p>Deviations:</p>
<list type="bulleted">
<item>The <c>diffie-hellman-group1-sha1</c> is not enabled by default, but is still supported and can be enabled
- with the option <c>preferred-algorithms</c></item>
+ with the options
+ <seealso marker="ssh:ssh#type-preferred_algorithms_common_option">preferred_algorithms</seealso>
+ or
+ <seealso marker="ssh:ssh#type-modify_algorithms_common_option">modify_algorithms</seealso>.
+ </item>
<item>The questionable sha1-based algorithms <c>diffie-hellman-group-exchange-sha1</c> and
<c>diffie-hellman-group14-sha1</c> are still enabled by default for compatibility with ancient clients and servers.
- They can be disabled with the option <c>preferred-algorithms</c></item>
+ They can be disabled with the options
+ <seealso marker="ssh:ssh#type-preferred_algorithms_common_option">preferred_algorithms</seealso>
+ or
+ <seealso marker="ssh:ssh#type-modify_algorithms_common_option">modify_algorithms</seealso>.
+ They will be disabled by default when the draft is turned into an RFC.</item>
</list>
<p/>
</item>
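Review bot: The added sentence "They will be disabled by default when the draft is turned into an RFC." commits the reference documentation to a future default change without a ticket id or target release, so it will go stale without anyone noticing. Either reference the tracking ticket or reword it to tell readers not to rely on `diffie-hellman-group-exchange-sha1` and `diffie-hellman-group14-sha1` remaining enabled. Both new sentences in this hunk also say "with the options ... or ...", where the singular "option" fits better.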