diff options
Diffstat (limited to 'lib/ssl/doc/src/notes.xml')
| -rw-r--r-- | lib/ssl/doc/src/notes.xml | 203 |
1 files changed, 201 insertions, 2 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index b40ef246e7..335896c60a 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -27,6 +27,205 @@ </header> <p>This document describes the changes made to the SSL application.</p> +<section><title>SSL 9.3.5</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Enhance error handling for erroneous alerts from the + peer.</p> + <p> + Own Id: OTP-15943</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 9.3.4</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Fix handling of certificate decoding problems in TLS 1.3 + similarly as in TLS 1.2.</p> + <p> + Own Id: OTP-15900</p> + </item> + <item> + <p> + Hibernation now works as expected in all cases, was + accidently broken by optimization efforts.</p> + <p> + Own Id: OTP-15910</p> + </item> + <item> + <p> + Fix interoperability problems with openssl when the TLS + 1.3 server is configured wirh the option + signature_algs_cert.</p> + <p> + Own Id: OTP-15913</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 9.3.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Correct handshake handling, might cause strange symptoms + such as ASN.1 certificate decoding issues.</p> + <p> + Own Id: OTP-15879 Aux Id: ERL-968 </p> + </item> + <item> + <p> + Fix handling of the signature_algorithms_cert extension + in the ClientHello handshake message.</p> + <p> + Own Id: OTP-15887 Aux Id: ERL-973 </p> + </item> + <item> + <p> + Handle new ClientHello extensions when handshake is + paused by the {handshake, hello} ssl option.</p> + <p> + Own Id: OTP-15888 Aux Id: ERL-975 </p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 9.3.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Returned "alert error string" is now same as logged alert + string</p> + <p> + Own Id: OTP-15844</p> + </item> + <item> + <p> + Fix returned extension map fields to follow the + documentation.</p> + <p> + Own Id: OTP-15862 Aux Id: ERL-951 </p> + </item> + <item> + <p> + Avoid DTLS crash due to missing gen_server return value + in DTLS packet demux process.</p> + <p> + Own Id: OTP-15864 Aux Id: ERL-962 </p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 9.3.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Missing check of size of user_data_buffer made internal + socket behave as an active socket instead of active N. + This could cause memory problems.</p> + <p> + Own Id: OTP-15825 Aux Id: ERL-934, OTP-15823 </p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 9.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + The distribution handshake with TLS distribution + (<c>inet_tls_dist</c>) does now utilize the socket option + <c>{nodelay, true}</c>, which decreases the distribution + setup time significantly.</p> + <p> + Own Id: OTP-14792</p> + </item> + <item> + <p> + Correct shutdown reason to avoid an incorrect crash + report</p> + <p> + Own Id: OTP-15710 Aux Id: ERL-893 </p> + </item> + <item> + <p> + Enhance documentation and type specifications.</p> + <p> + Own Id: OTP-15746 Aux Id: ERIERL-333 </p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy + and not supported by default</p> + <p> + *** POTENTIAL INCOMPATIBILITY ***</p> + <p> + Own Id: OTP-14865</p> + </item> + <item> + <p> + Use new logger API in ssl. Introduce log levels and + verbose debug logging for SSL.</p> + <p> + Own Id: OTP-15055</p> + </item> + <item> + <p> + Add new API function str_to_suite/1, cipher_suites/3 + (list cipher suites as rfc or OpenSSL name strings) and + suite_to_openssl_str/1</p> + <p> + Own Id: OTP-15483 Aux Id: ERL-924 </p> + </item> + <item> + <p> + Basic support for TLS 1.3 Server for experimental use. + The client is not yet functional, for more information + see the Standards Compliance chapter of the User's Guide.</p> + <p> + Own Id: OTP-15591</p> + </item> + <item> + <p> + Add support for PSK CCM ciphers from RFC 6655</p> + <p> + Own Id: OTP-15626</p> + </item> + </list> + </section> + +</section> + <section><title>SSL 9.2.3.5</title> <section><title>Fixed Bugs and Malfunctions</title> @@ -958,7 +1157,7 @@ <p> TLS sessions must be registered with SNI if provided, so that sessions where client hostname verification would - fail can not connect reusing a session created when the + fail cannot connect reusing a session created when the server name verification succeeded.</p> <p> Own Id: OTP-14632</p> @@ -1136,7 +1335,7 @@ public_key:pkix_verify_hostname/2 to verify the hostname of the connection with the server certificates specified hostname during certificate path validation. The user may - explicitly disables it. Also if the hostname can not be + explicitly disables it. Also if the hostname cannot be derived from the first argument to connect or is not supplied by the server name indication option, the check will not be performed.</p> |