Diffstat (limited to 'lib/ssl/doc/src/notes.xml')
-rw-r--r-- lib/ssl/doc/src/notes.xml | 148
1 files changed, 147 insertions, 1 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index e090b4e1ef..1e1fe0d119 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,7 +30,153 @@
</header>
<p>This document describes the changes made to the SSL application.</p>
- <section>
+ <section><title>SSL 5.0</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Invalidation handling of sessions could cause the
+ time_stamp field in the session record to be set to
+ undefined crashing the session clean up process. This did
+ not affect the connections but would result in that the
+ session table would grow.</p>
+ <p>
+ Own Id: OTP-9696 Aux Id: seq11947 </p>
+ </item>
+ <item>
+ <p>
+ Changed code to use ets:foldl and throw instead of
+ ets:next traversal, avoiding the need to explicitly call
+ ets:safe_fixtable. It was possible to get a badarg-crash
+ under special circumstances.</p>
+ <p>
+ Own Id: OTP-9703 Aux Id: seq11947 </p>
+ </item>
+ <item>
+ <p>
+ Send ssl_closed notification to active ssl user when a
+ tcp error occurs.</p>
+ <p>
+ Own Id: OTP-9734 Aux Id: seq11946 </p>
+ </item>
+ <item>
+ <p>
+ If a passive receive was ongoing during a renegotiation
+ the process evaluating ssl:recv could be left hanging for
+ ever.</p>
+ <p>
+ Own Id: OTP-9744</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Support for the old ssl implementation is dropped and the
+ code is removed.</p>
+ <p>
+ Own Id: OTP-7048</p>
+ </item>
+ <item>
+ <p>
+ The erlang distribution can now be run over the new ssl
+ implementation. All options can currently not be set but
+ it is enough to replace to old ssl implementation.</p>
+ <p>
+ Own Id: OTP-7053</p>
+ </item>
+ <item>
+ <p>
+ public_key, ssl and crypto now supports PKCS-8</p>
+ <p>
+ Own Id: OTP-9312</p>
+ </item>
+ <item>
+ <p>
+ Implements a CBC timing attack counter measure. Thanks to
+ Andreas Schultz for providing the patch.</p>
+ <p>
+ Own Id: OTP-9683</p>
+ </item>
+ <item>
+ <p>
+ Mitigates an SSL/TLS Computational DoS attack by
+ disallowing the client to renegotiate many times in a row
+ in a short time interval, thanks to Tuncer Ayaz for
+ alerting us about this.</p>
+ <p>
+ Own Id: OTP-9739</p>
+ </item>
+ <item>
+ <p>
+ Implements the 1/n-1 splitting countermeasure to the
+ Rizzo Duong BEAST attack, affects SSL 3.0 and TLS 1.0.
+ Thanks to Tuncer Ayaz for alerting us about this.</p>
+ <p>
+ Own Id: OTP-9750</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>SSL 4.1.6</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ replace "a ssl" with "an ssl" reindent
+ pkix_path_validation/3 Trivial documentation fixes
+ (Thanks to Christian von Roques )</p>
+ <p>
+ Own Id: OTP-9464</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Adds function clause to avoid denial of service attack.
+ Thanks to Vinod for reporting this vulnerability.</p>
+ <p>
+ Own Id: OTP-9364</p>
+ </item>
+ <item>
+ <p>
+ Error handling code now takes care of inet:getopts/2 and
+ inets:setopts/2 crashes. Thanks to Richard Jones for
+ reporting this.</p>
+ <p>
+ Own Id: OTP-9382</p>
+ </item>
+ <item>
+ <p>
+ Support explicit use of packet option httph and httph_bin</p>
+ <p>
+ Own Id: OTP-9461</p>
+ </item>
+ <item>
+ <p>
+ Decoding of hello extensions could fail to come to the
+ correct conclusion due to an error in a binary match
+ pattern. Thanks to Ben Murphy.</p>
+ <p>
+ Own Id: OTP-9589</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section>
<title>SSL 4.1.5</title>
<section><title>Improvements and New Features</title>
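Review bot: In the SSL 4.1.6 entry for OTP-9382, `inets:setopts/2` next to `inet:getopts/2` looks like a typo for `inet:setopts/2`; please confirm the module name before this ships. In the SSL 5.0 entries, OTP-7053 reads "it is enough to replace to old ssl implementation" (should be "the old"), and OTP-9683 writes "counter measure" while OTP-9750 writes "countermeasure". The OTP-9464 item is a run-together commit subject ("replace "a ssl" with "an ssl" reindent pkix_path_validation/3 Trivial documentation fixes") with a stray space before the closing parenthesis, and would read better as separate sentences. For the security entries, OTP-9739 does not say what renegotiation rate is now refused or how the connection reacts when the limit is hit, and OTP-9364 does not name the function or the kind of input that caused the denial of service; one sentence on each would let operators judge their exposure and decide how urgently to upgrade.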