2 files changed, 156 insertions, 7 deletions

diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index 9d498c0fdc..bb111c8e0e 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -30,6 +30,140 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Ssh 4.1.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Add a 1024 group to the list of key group-exchange groups</p>
+          <p>
+	    Own Id: OTP-13046</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Ssh 4.1.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    A new option <c>max_channels</c> limits the number of
+	    channels with active server-side subsystems that are
+	    accepted.</p>
+          <p>
+	    Own Id: OTP-13036</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Ssh 4.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Send an understandable disconnect message when the key
+	    exchange phase can't find a common algorithm. There are
+	    also some test cases added.</p>
+          <p>
+	    Own Id: OTP-11531</p>
+        </item>
+        <item>
+          <p>
+	    The third parameter in <c>ssh_sftp:write_file</c> is now
+	    accepting iolists again. Unicode handling adjusted.</p>
+          <p>
+	    Own Id: OTP-12853 Aux Id: seq12891 </p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    First part of ssh test suite re-organization and
+	    extension.</p>
+          <p>
+	    Own Id: OTP-12230</p>
+        </item>
+        <item>
+          <p>
+	    The key exchange algorithms 'ecdh-sha2-nistp256',
+	    'ecdh-sha2-nistp384' and 'ecdh-sha2-nistp521' are
+	    implemented. See RFC 5656.</p>
+          <p>
+	    This raises the security level considerably.</p>
+          <p>
+	    Own Id: OTP-12622 Aux Id: OTP-12671, OTP-12672 </p>
+        </item>
+        <item>
+          <p>
+	    The key exchange algorithm 'diffie-hellman-group14-sha1'
+	    is implemented. See RFC 4253.</p>
+          <p>
+	    This raises the security level.</p>
+          <p>
+	    Own Id: OTP-12671 Aux Id: OTP-12672, OTP-12622 </p>
+        </item>
+        <item>
+          <p>
+	    The key exchange algorithms
+	    'diffie-hellman-group-exchange-sha1' and
+	    'diffie-hellman-group-exchange-sha256' are implemented.
+	    See RFC 4419.</p>
+          <p>
+	    This raises the security level.</p>
+          <p>
+	    Own Id: OTP-12672 Aux Id: OTP-12671, OTP-12622 </p>
+        </item>
+        <item>
+          <p>
+	    Adding random length extra padding as recommended in RFC
+	    4253 section 6.</p>
+          <p>
+	    Own Id: OTP-12831</p>
+        </item>
+        <item>
+          <p>
+	    New test library for low-level protocol testing. There is
+	    also a test suite using it for some preliminary tests.
+	    The intention is to build on that for more testing of
+	    individual ssh messages. See
+	    <c>lib/ssh/test/ssh_trpt_test_lib.erl</c> and
+	    <c>ssh_protocol_SUITE.erl</c> in the same directory.</p>
+          <p>
+	    Own Id: OTP-12858</p>
+        </item>
+        <item>
+          <p>
+	    Increased default values for
+	    diffie-hellman-group-exchange-sha* to Min = 1024, N =
+	    6144, Max = 8192.</p>
+          <p>
+	    Added 6144 and 8192 bit default gex groups.</p>
+          <p>
+	    Own Id: OTP-12937</p>
+        </item>
+        <item>
+          <p>
+	    The mac algorithm 'hmac-sha2-512' is implemented. See RFC
+	    6668.</p>
+          <p>
+	    Own Id: OTP-12938</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Ssh 4.0</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index cf5e8f1aff..2b190c98b6 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -40,18 +40,24 @@
     <list type="bulleted">
       <item>For application dependencies see <seealso marker="SSH_app"> ssh(6)</seealso> </item>
       <item>Supported SSH version is 2.0.</item>
-      <item>Supported public key algorithms: ssh-rsa and ssh-dss.</item>
-      <item>Supported MAC algorithms: hmac-sha2-256 and hmac-sha1.</item>
-      <item>Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc.</item>
-      <item>Supported key exchange algorithms: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256.</item>
-      <item>Supported compression algorithms: none, zlib, [email protected],</item>
+      <item>Supported public key algorithms: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa and ssh-dss.</item>
+      <item>Supported MAC algorithms: hmac-sha2-256, hmac-sha2-512 and hmac-sha1.</item>
+      <item>Supported encryption algorithms: aes256-ctr, aes192-ctr, aes128-ctr, aes128-cb and 3des-cbc.</item>
+      <item>Supported key exchange algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256 and diffie-hellman-group1-sha1</item>
+      <item>Supported compression algorithms: none, [email protected] and zlib</item>
       <item>Supports unicode filenames if the emulator and the underlaying OS support it.
       See section DESCRIPTION in the
       <seealso marker="kernel:file">file</seealso> manual page in <c>kernel</c>
       for information about this subject.</item>
       <item>Supports unicode in shell and CLI.</item>
     </list>
- 
+    <p>The actual set of algorithms can vary depending on which OpenSSL crypto library that is installed on the machine.
+    For the list on a particular installation, use the command <seealso marker="#default_algorithms/0">default_algorithms/0</seealso>. 
+    The user may override the default algorithm configuration both on the server side and the client side.
+    See the option preferred_algorithms in the <seealso marker="#daemon/1">daemon</seealso> and
+    <seealso marker="#connect/3">connect</seealso> functions.
+</p>
+    
   </section>
   
   <section>
@@ -243,7 +249,7 @@ kex is implicit but public_key is set explicitly.</p>
 	  <tag><c><![CDATA[{dh_gex_limits,{Min=integer(),I=integer(),Max=integer()}}]]></c></tag>
 	  <item>
 	    <p>Sets the three diffie-hellman-group-exchange parameters that guides the connected server in choosing a group.
-	    See RFC 4419 for the function of thoose.  The default value is <c>{512, 1024, 4096}</c>.
+	    See RFC 4419 for the function of thoose.  The default value is <c>{1024, 6144, 8192}</c>.
 	    </p>
 	  </item>
 
@@ -501,6 +507,15 @@ kex is implicit but public_key is set explicitly.</p>
 	    </p>
 	  </item>
 
+	  <tag><c><![CDATA[{max_channels, pos_integer()}]]></c></tag>
+	  <item>
+	    <p>The maximum number of channels with active remote subsystem that are accepted for
+	    each connection to this daemon</p>
+	    <p>By default, this option is not set. This means that the number is not limited.
+	    </p>
+	  </item>
+
+
 	  <tag><c><![CDATA[{parallel_login, boolean()}]]></c></tag>
 	  <item>
 	    <p>If set to false (the default value), only one login is handled at a time.