1 files changed, 42 insertions, 13 deletions

diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml
index 6c82e32a74..f317dfded4 100644
--- a/lib/ssl/doc/src/ssl_app.xml
+++ b/lib/ssl/doc/src/ssl_app.xml
@@ -4,7 +4,7 @@
 <appref>
   <header>
     <copyright>
-      <year>1999</year><year>2015</year>
+      <year>1999</year><year>2016</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -43,6 +43,10 @@
       <item>For security reasons SSL-2.0 is not supported.</item>
       <item>For security reasons SSL-3.0 is no longer supported by default,
       but can be configured.</item>
+      <item>For security reasons DES cipher suites are no longer supported by default,
+      but can be configured.</item>
+      <item> Renegotiation Indication Extension <url href="http://www.ietf.org/rfc/rfc5746.txt">RFC 5746</url> is supported
+      </item>
       <item>Ephemeral Diffie-Hellman cipher suites are supported,
       but not Diffie Hellman Certificates cipher suites.</item>
       <item>Elliptic Curve cipher suites are supported if the Crypto 
@@ -53,10 +57,16 @@
       <item>IDEA cipher suites are not supported as they have
       become deprecated by the latest TLS specification so it is not 
       motivated to implement them.</item>
+      <item>Compression is not supported.</item>
       <item>CRL validation is supported.</item>
       <item>Policy certificate extensions are not supported.</item>
-      <item>'Server Name Indication' extension client side
-      (RFC 6066, Section 3) is supported.</item>
+      <item>'Server Name Indication' extension
+      (<url href="http://www.ietf.org/rfc/rfc6066.txt">RFC 6066</url>) is supported.</item>
+      <item>Application Layer Protocol Negotiation (ALPN) and its successor Next Protocol Negotiation (NPN)
+      are supported. </item>
+      <item>It is possible to use Pre-Shared Key (PSK) and Secure Remote Password (SRP)
+      cipher suites, but they are not enabled by default.
+      </item>
     </list>
    </description>
 
@@ -92,7 +102,10 @@
       to <c>ssl:connect/[2,3]</c> and <c>ssl:listen/2</c>.</p></item>
 
       <tag><c><![CDATA[session_lifetime = integer() <optional>]]></c></tag>
-      <item><p>Maximum lifetime of the session data in seconds.</p></item>
+      <item><p>Maximum lifetime of the session data in seconds. Defaults to 24 hours which is the maximum
+      recommended lifetime by <url href="http://www.ietf.org/rfc/5246rfc.txt">RFC 5246</url>. However
+      sessions may be invalidated earlier due to the maximum limitation of the session cache table.
+      </p></item>
 
       <tag><c><![CDATA[session_cb = atom() <optional>]]></c></tag>
       <item><p>Name of the session cache callback module that implements
@@ -104,22 +117,40 @@
       <item><p>List of extra user-defined arguments to the <c>init</c> function
       in the session cache callback module. Defaults to <c>[]</c>.</p></item>
 
-      <tag><c><![CDATA[session_cache_client_max = integer() <optional>]]></c><br/>
-      <c><![CDATA[session_cache_server_max = integer() <optional>]]></c></tag>
-      <item><p>Limits the growth of the clients/servers session cache,
-      if the maximum number of sessions is reached, the current cache entries will
-      be invalidated regardless of their remaining lifetime. Defaults to 1000.
-      </p></item>
+      <tag><c><![CDATA[session_cache_client_max = integer() <optional>]]></c><br/></tag>
+      <item><p>Limits the growth of the clients session cache, that is
+      how many sessions towards servers that are cached to be used by
+      new client connections.  If the maximum number of sessions is
+      reached, the current cache entries will be invalidated
+      regardless of their remaining lifetime. Defaults to
+      1000.</p></item>
+
+      <tag> <c><![CDATA[session_cache_server_max = integer() <optional>]]></c></tag>
+      <item><p>Limits the growth of the servers session cache, that is
+      how many client sessions are cached by the server. If the
+      maximum number of sessions is reached, the current cache entries
+      will be invalidated regardless of their remaining
+      lifetime. Defaults to 1000.</p></item>
       
       <tag><c><![CDATA[ssl_pem_cache_clean = integer() <optional>]]></c></tag>
       <item>
 	<p>
-	  Number of milliseconds between PEM cache validations.
+	  Number of milliseconds between PEM cache validations. Defaults to 2 minutes.
 	</p>
 	<seealso
 	    marker="ssl#clear_pem_cache-0">ssl:clear_pem_cache/0</seealso>
 	
       </item>
+
+      <tag><c><![CDATA[bypass_pem_cache = boolean() <optional>]]></c></tag>
+      <item>
+	<p>Introduced in ssl-8.0.2. Disables the PEM-cache.
+	The PEM cache has proven to be a bottleneck, until the
+	implementation has been improved this can be used as
+	a workaround. Defaults to false.
+	</p>
+      </item>
+      
       <tag><c><![CDATA[alert_timeout = integer() <optional>]]></c></tag>
       <item>
 	<p>
@@ -129,8 +160,6 @@
 	  shutdown gracefully. Defaults to 5000 milliseconds.   
 	</p>
       </item>
-
-      
     </taglist>
   </section>