1 files changed, 36 insertions, 11 deletions

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index e3deb1c8a4..6efa022a79 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -88,6 +88,7 @@
 	<p><c>| {client_preferred_next_protocols, {client | server,
 	[binary()]} | {client | server, [binary()], binary()}}</c></p>
 	<p><c>| {log_alert, boolean()}</c></p>
+	<p><c>| {log_level, atom()}</c></p>
 	<p><c>| {server_name_indication, hostname() | disable}</c></p>
 	<p><c>| {customize_hostname_check, list()}</c></p>
 	<p><c>| {sni_hosts, [{hostname(), [ssl_option()]}]}</c></p>
@@ -199,14 +200,14 @@
        | sect163r1 | sect163r2 | secp160k1 | secp160r1 | secp160r2</c></p></item>
 
        <tag><c>hello_extensions() =</c></tag>
-       <item><p><c>#{renegotiation_info => 
+       <item><p><c>#{renegotiation_info => binary() | undefined,
                    signature_algs => [{hash(), ecsda| rsa| dsa}] | undefined
 		   alpn => binary() | undefined,
-		   next_protocol_negotiation,
+		   next_protocol_negotiation => binary() | undefined,
 		   srp => string() | undefined,
-		   ec_point_formats ,
-		   elliptic_curves = [oid] | undefined
-		   sni = string()} 
+		   ec_point_formats => list() | undefined,
+		   elliptic_curves => [oid] | undefined,
+		   sni => string() | undefined}
        }</c></p></item>
       
 
@@ -409,7 +410,7 @@ marker="public_key:public_key#pkix_path_validation-3">public_key:pkix_path_valid
 	  <item>check is only performed on the peer certificate.</item>
 
 	  <tag><c>best_effort</c></tag>
-	  <item>if certificate revocation status can not be determined
+	  <item>if certificate revocation status cannot be determined
 	  it will be accepted as valid.</item>
 	</taglist>
 
@@ -796,7 +797,17 @@ fun(srp, Username :: string(), UserState :: term()) ->
       the client.</p></item>
 
       <tag><c>{log_alert, boolean()}</c></tag>
-      <item><p>If set to <c>false</c>, error reports are not displayed.</p></item>
+      <item><p>If set to <c>false</c>, error reports are not displayed.</p>
+      <p>Deprecated in OTP 22, use <seealso marker="#log_level">log_level</seealso> instead.</p>
+      </item>
+
+      <tag><marker id="log_level"/><c>{log_level, atom()}</c></tag>
+      <item><p>Specifies the log level for TLS/DTLS. It can take the following
+      values (ordered by increasing verbosity level): <c>emergency, alert, critical, error,
+      warning, notice, info, debug.</c></p>
+      <p>At verbosity level <c>notice</c> and above error reports are
+      displayed in TLS. The level <c>debug</c> triggers verbose logging of TLS protocol
+      messages and logging of ignored alerts in DTLS.</p></item>
 
       <tag><c>{honor_cipher_order, boolean()}</c></tag>
       <item><p>If set to <c>true</c>, use the server preference for cipher
@@ -1066,7 +1077,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
       </fsummary>
       <type>
 	<v>SslSocket = sslsocket()</v>
-        <v>Item = protocol | cipher_suite | sni_hostname | ecc | session_id | atom()</v>
+        <v>Item = protocol | selected_cipher_suite | sni_hostname | ecc | session_id | atom()</v>
 	<d>Meaningful atoms, not specified above, are the ssl option names.</d>
 	<v>Result = [{Item::atom(), Value::term()}]</v>
         <v>Reason = term()</v>
@@ -1074,6 +1085,9 @@ fun(srp, Username :: string(), UserState :: term()) ->
       <desc><p>Returns the most relevant information about the connection, ssl options that
       are undefined will be filtered out. Note that values that affect the security of the
       connection will only be returned if explicitly requested by connection_information/2.</p>
+      <note><p>The legacy <c>Item = cipher_suite</c> is still supported
+        and returns the cipher suite on its (undocumented) legacy format.
+        It should be replaced by <c>selected_cipher_suite</c>.</p></note>
       </desc>
     </func>
 
@@ -1397,6 +1411,17 @@ fun(srp, Username :: string(), UserState :: term()) ->
     </func>
 
     <func>
+      <name>set_log_level(Level) -> ok | {error, Reason}</name>
+      <fsummary>Sets log level for the SSL application.</fsummary>
+      <type>
+        <v>Level = atom()</v>
+      </type>
+      <desc>
+        <p>Sets log level for the SSL application.</p>
+      </desc>
+    </func>
+
+    <func>
       <name>shutdown(SslSocket, How) -> ok | {error, Reason}</name>
       <fsummary>Immediately closes a socket.</fsummary>
       <type>
@@ -1513,9 +1538,9 @@ fun(srp, Username :: string(), UserState :: term()) ->
 	to complete handshaking, that is,
 	establishing the SSL/TLS/DTLS connection.</p>
         <warning>
-          <p>The socket returned can only be used with
-	  <seealso marker="#handshake-2"> handshake/[2,3]</seealso>.
-	  No traffic can be sent or received before that call.</p>
+          <p>Most API functions require that the TLS/DTLS 
+          connection is established to work as expected.
+	  </p>
         </warning>
         <p>The accepted socket inherits the options set for
 	<c>ListenSocket</c> in