aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src/ssl.xml
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/doc/src/ssl.xml')
-rw-r--r--lib/ssl/doc/src/ssl.xml19
1 files changed, 11 insertions, 8 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 4ea000802f..abba5aaf59 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -464,10 +464,12 @@ fun(srp, Username :: string(), UserState :: term()) ->
<tag><c>{padding_check, boolean()}</c></tag>
<item><p>Affects TLS-1.0 connections only.
If set to <c>false</c>, it disables the block cipher padding check
- to be able to interoperate with legacy software.</p></item>
-
- <warning><p>Using <c>{padding_check, boolean()}</c> makes TLS
+ to be able to interoperate with legacy software.</p>
+ <warning><p>Using <c>{padding_check, boolean()}</c> makes TLS
vulnerable to the Poodle attack.</p></warning>
+ </item>
+
+
<tag><c>{beast_mitigation, one_n_minus_one | zero_n | disabled}</c></tag>
<item><p>Affects SSL-3.0 and TLS-1.0 connections only. Used to change the BEAST
@@ -478,11 +480,12 @@ fun(srp, Username :: string(), UserState :: term()) ->
<p><c>zero_n</c> - Perform 0/n BEAST mitigation.</p>
- <p><c>disabled</c> - Disable BEAST mitigation.</p></item>
+ <p><c>disabled</c> - Disable BEAST mitigation.</p>
- <warning><p>Using <c>{beast_mitigation, disabled}</c> makes SSL or TLS
+ <warning><p>Using <c>{beast_mitigation, disabled}</c> makes SSL or TLS
vulnerable to the BEAST attack.</p></warning>
- </taglist>
+ </item>
+ </taglist>
</section>
@@ -595,7 +598,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
TLS handshake. If no lower TLS versions than 1.2 are supported,
the client will send a TLS signature algorithm extension
with the algorithms specified by this option.
- Defaults to
+ Defaults to</p>
<code>[
%% SHA2
@@ -612,7 +615,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
{sha, rsa},
{sha, dsa},
]</code>
-
+<p>
The algorithms should be in the preferred order.
Selected signature algorithm can restrict which hash functions
that may be selected. Default support for {md5, rsa} removed in ssl-8.0