Diffstat (limited to 'lib/ssl/doc/src/notes.xml')
-rw-r--r-- | lib/ssl/doc/src/notes.xml | 254 |
1 files changed, 252 insertions, 2 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 5df2632149..49bbd5d27d 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -4,7 +4,7 @@ <chapter> <header> <copyright> - <year>1999</year><year>2011</year> + <year>1999</year><year>2012</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> 
@@ -30,7 +30,257 @@ </header> <p>This document describes the changes made to the SSL application.</p> - <section><title>SSL 4.1.6</title> + <section><title>SSL 5.1.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + ssl:ssl_accept/2 timeout is no longer ignored</p> + <p> + Own Id: OTP-10600</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 5.1.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + ssl:recv/3 could "loose" data when the timeout occurs. If + the timout in ssl:connect or ssl:ssl_accept expired the + ssl connection process was not terminated as it should, + this due to gen_fsm:send_all_state_event timout is a + client side time out. These timouts are now handled by + the gen_fsm-procss instead.</p> + <p> + Own Id: OTP-10569</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Better termination handling that avoids hanging.</p> + <p> + Own Id: OTP-10574</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 5.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Sometimes the client process could receive an extra + {error, closed} message after ssl:recv had returned + {error, closed}.</p> + <p> + Own Id: OTP-10118</p> + </item> + <item> + <p> + ssl v3 alert number 41 (no_certificate_RESERVED) is now + recognized</p> + <p> + Own Id: OTP-10196</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Experimental support for TLS 1.1 is now available, will + be officially supported from OTP-R16. Thanks to Andreas + Schultz for implementing the first version.</p> + <p> + Own Id: OTP-8871</p> + </item> + <item> + <p> + Experimental support for TLS 1.2 is now available, will + be officially supported from OTP-R16. 
Thanks to Andreas + Schultz for implementing the first version.</p> + <p> + Own Id: OTP-8872</p> + </item> + <item> + <p> + Removed some bottlenecks increasing the applications + parallelism especially for the client side.</p> + <p> + Own Id: OTP-10113</p> + </item> + <item> + <p> + Workaround for handling certificates that wrongly encode + X509countryname in utf-8 when the actual value is a valid + ASCCI value of length 2. Such certificates are accepted + by many browsers such as Chrome and Fierfox so for + interoperability reasons we will too.</p> + <p> + Own Id: OTP-10222</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 5.0.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Robustness and improvement to distribution over SSL</p> + <p> + Fix a bug where ssl_tls_dist_proxy would crash at caller + timeout. Fix a bug where a timeout from the SSL layer + would block the distribution indefinately. Run the proxy + exclusively on the loopback interface. (Thanks to Paul + Guyot)</p> + <p> + Own Id: OTP-9915</p> + </item> + <item> + <p> + Fix setup loop of SSL TLS dist proxy</p> + <p> + Fix potential leak of processes waiting indefinately for + data from closed sockets during socket setup phase. + (Thanks to Paul Guyot)</p> + <p> + Own Id: OTP-9916</p> + </item> + <item> + <p> + Correct spelling of registered (Thanks to Richard + Carlsson)</p> + <p> + Own Id: OTP-9925</p> + </item> + <item> + <p> + Added TLS PRF function to the SSL API for generation of + additional key material from a TLS session. (Thanks to + Andreas Schultz)</p> + <p> + Own Id: OTP-10024</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 5.0</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Invalidation handling of sessions could cause the + time_stamp field in the session record to be set to + undefined crashing the session clean up process. 
This did + not affect the connections but would result in that the + session table would grow.</p> + <p> + Own Id: OTP-9696 Aux Id: seq11947 </p> + </item> + <item> + <p> + Changed code to use ets:foldl and throw instead of + ets:next traversal, avoiding the need to explicitly call + ets:safe_fixtable. It was possible to get a badarg-crash + under special circumstances.</p> + <p> + Own Id: OTP-9703 Aux Id: seq11947 </p> + </item> + <item> + <p> + Send ssl_closed notification to active ssl user when a + tcp error occurs.</p> + <p> + Own Id: OTP-9734 Aux Id: seq11946 </p> + </item> + <item> + <p> + If a passive receive was ongoing during a renegotiation + the process evaluating ssl:recv could be left hanging for + ever.</p> + <p> + Own Id: OTP-9744</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Support for the old ssl implementation is dropped and the + code is removed.</p> + <p> + Own Id: OTP-7048</p> + </item> + <item> + <p> + The erlang distribution can now be run over the new ssl + implementation. All options can currently not be set but + it is enough to replace to old ssl implementation.</p> + <p> + Own Id: OTP-7053</p> + </item> + <item> + <p> + public_key, ssl and crypto now supports PKCS-8</p> + <p> + Own Id: OTP-9312</p> + </item> + <item> + <p> + Implements a CBC timing attack counter measure. Thanks to + Andreas Schultz for providing the patch.</p> + <p> + Own Id: OTP-9683</p> + </item> + <item> + <p> + Mitigates an SSL/TLS Computational DoS attack by + disallowing the client to renegotiate many times in a row + in a short time interval, thanks to Tuncer Ayaz for + alerting us about this.</p> + <p> + Own Id: OTP-9739</p> + </item> + <item> + <p> + Implements the 1/n-1 splitting countermeasure to the + Rizzo Duong BEAST attack, affects SSL 3.0 and TLS 1.0. 
+ Thanks to Tuncer Ayaz for alerting us about this.</p> + <p> + Own Id: OTP-9750</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 4.1.6</title> <section><title>Fixed Bugs and Malfunctions</title> <list> |
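Review bot: the release-note text added in the second hunk (the new SSL 5.1.2 through 5.0 sections) is user-facing documentation and carries several spelling errors that should be fixed before it ships: `ssl:recv/3 could "loose" data when the timeout occurs` should read "lose", the OTP-10569 entry spells "timeout" as "timout" three times and "process" as "procss", both OTP-9915 and OTP-9916 use "indefinately" for "indefinitely", and the OTP-10222 entry has "ASCCI" for "ASCII" and "Fierfox" for "Firefox". The OTP-7053 sentence "All options can currently not be set but it is enough to replace to old ssl implementation" is also garbled and would be clearer as "Not all options can currently be set, but it is enough to replace the old ssl implementation." Separately, the OTP-10222 entry describes a deliberate relaxation of certificate validation (accepting a UTF-8 encoded X509 countryName when the value is a valid two-character ASCII string); since that loosens what the library rejects, the note should say explicitly that the relaxation applies only to that single field and that the certificate is otherwise validated as before, so readers auditing their trust chain know the scope of the change.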