Diffstat (limited to 'lib/ssl/doc/src/ssl.xml')
-rw-r--r--lib/ssl/doc/src/ssl.xml66
1 files changed, 62 insertions, 4 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 586452efd4..200fb89a4d 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -89,6 +89,7 @@
<p><c>| {client_preferred_next_protocols, {client | server,
[binary()]} | {client | server, [binary()], binary()}}</c></p>
<p><c>| {log_alert, boolean()}</c></p>
+ <p><c>| {log_level, atom()}</c></p>
<p><c>| {server_name_indication, hostname() | disable}</c></p>
<p><c>| {customize_hostname_check, list()}</c></p>
<p><c>| {sni_hosts, [{hostname(), [ssl_option()]}]}</c></p>
@@ -209,7 +210,24 @@
elliptic_curves => [oid] | undefined,
sni => string() | undefined}
}</c></p></item>
-
+
+ <tag><c>signature_scheme() =</c></tag>
+ <item>
+ <p><c>rsa_pkcs1_sha256</c></p>
+ <p><c>| rsa_pkcs1_sha384</c></p>
+ <p><c>| rsa_pkcs1_sha512</c></p>
+ <p><c>| ecdsa_secp256r1_sha256</c></p>
+ <p><c>| ecdsa_secp384r1_sha384</c></p>
+ <p><c>| ecdsa_secp521r1_sha512</c></p>
+ <p><c>| rsa_pss_rsae_sha256</c></p>
+ <p><c>| rsa_pss_rsae_sha384</c></p>
+ <p><c>| rsa_pss_rsae_sha512</c></p>
+ <p><c>| rsa_pss_pss_sha256</c></p>
+ <p><c>| rsa_pss_pss_sha384</c></p>
+ <p><c>| rsa_pss_pss_sha512</c></p>
+ <p><c>| rsa_pkcs1_sha1</c></p>
+ <p><c>| ecdsa_sha1</c></p>
+ </item>
</taglist>
</section>
@@ -410,7 +428,7 @@ marker="public_key:public_key#pkix_path_validation-3">public_key:pkix_path_valid
<item>check is only performed on the peer certificate.</item>
<tag><c>best_effort</c></tag>
- <item>if certificate revocation status can not be determined
+ <item>if certificate revocation status cannot be determined
it will be accepted as valid.</item>
</taglist>
@@ -721,6 +739,26 @@ fun(srp, Username :: string(), UserState :: term()) ->
that may be selected. Default support for {md5, rsa} removed in ssl-8.0
</p>
</item>
+ <tag><marker id="signature_algs_cert"/><c>{signature_algs_cert, [signature_scheme()]}</c></tag>
+ <item>
+ <p>
+ In addition to the signature_algorithms extension from TLS 1.2,
+ <url href="http://www.ietf.org/rfc/rfc8446.txt#section-4.2.3">TLS 1.3
+ (RFC 5246 Section 4.2.3)</url>adds the signature_algorithms_cert extension
+ which enables having special requirements on the signatures used in the
+ certificates that differs from the requirements on digital signatures as a whole.
+ If this is not required this extension is not needed.
+ </p>
+ <p>
+ The client will send a signature_algorithms_cert extension (ClientHello),
+ if TLS version 1.3 or later is used, and the signature_algs_cert option is
+ explicitly specified. By default, only the signature_algs extension is sent.
+ </p>
+ <p>
+ The signature schemes shall be ordered according to the client's preference
+ (favorite choice first).
+ </p>
+ </item>
</taglist>
</section>
@@ -812,7 +850,17 @@ fun(srp, Username :: string(), UserState :: term()) ->
the client.</p></item>
<tag><c>{log_alert, boolean()}</c></tag>
- <item><p>If set to <c>false</c>, error reports are not displayed.</p></item>
+ <item><p>If set to <c>false</c>, error reports are not displayed.</p>
+ <p>Deprecated in OTP 22, use <seealso marker="#log_level">log_level</seealso> instead.</p>
+ </item>
+
+ <tag><marker id="log_level"/><c>{log_level, atom()}</c></tag>
+ <item><p>Specifies the log level for TLS/DTLS. It can take the following
+ values (ordered by increasing verbosity level): <c>emergency, alert, critical, error,
+ warning, notice, info, debug.</c></p>
+ <p>At verbosity level <c>notice</c> and above error reports are
+ displayed in TLS. The level <c>debug</c> triggers verbose logging of TLS protocol
+ messages and logging of ignored alerts in DTLS.</p></item>
<tag><c>{honor_cipher_order, boolean()}</c></tag>
<item><p>If set to <c>true</c>, use the server preference for cipher
@@ -865,7 +913,6 @@ fun(srp, Username :: string(), UserState :: term()) ->
negotiation, introduced in TLS-1.2. The algorithms will also be offered to the client if a
client certificate is requested. For more details see the <seealso marker="#client_signature_algs">corresponding client option</seealso>.
</p> </item>
-
</taglist>
</section>
@@ -1416,6 +1463,17 @@ fun(srp, Username :: string(), UserState :: term()) ->
</func>
<func>
+ <name since="OTP 22.0">set_log_level(Level) -> ok | {error, Reason}</name>
+ <fsummary>Sets log level for the SSL application.</fsummary>
+ <type>
+ <v>Level = atom()</v>
+ </type>
+ <desc>
+ <p>Sets log level for the SSL application.</p>
+ </desc>
+ </func>
+
+ <func>
<name since="OTP R14B">shutdown(SslSocket, How) -> ok | {error, Reason}</name>
<fsummary>Immediately closes a socket.</fsummary>
<type>