aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src/ssl_app.xml
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/doc/src/ssl_app.xml')
-rw-r--r--lib/ssl/doc/src/ssl_app.xml182
1 files changed, 182 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml
new file mode 100644
index 0000000000..ae8bd87781
--- /dev/null
+++ b/lib/ssl/doc/src/ssl_app.xml
@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE appref SYSTEM "appref.dtd">
+
+<appref>
+ <header>
+ <copyright>
+ <year>1999</year><year>2009</year>
+ <holder>Ericsson AB. All Rights Reserved.</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ </legalnotice>
+
+ <title>ssl</title>
+ <prepared>Peter H&ouml;gfeldt</prepared>
+ <responsible>Peter H&ouml;gfeldt</responsible>
+ <docno></docno>
+ <approved>Peter H&ouml;gfeldt</approved>
+ <checked>Peter H&ouml;gfeldt</checked>
+ <date>2005-03-10</date>
+ <rev>E</rev>
+ <file>ssl_app.sgml</file>
+ </header>
+ <app>ssl</app>
+ <appsummary>The SSL Application</appsummary>
+ <description>
+ <p>The Secure Socket Layer (SSL) application provides secure
+ socket communication over TCP/IP.
+ </p>
+ </description>
+
+ <section>
+ <title>Warning</title>
+ <p>In previous versions of Erlang/OTP SSL it was advised, as a
+ work-around, to set the operating system environment variable
+ <c>SSL_CERT_FILE</c> to point at a file containing CA
+ certificates. That variable is no longer needed, and is not
+ recognised by Erlang/OTP SSL any more.
+ </p>
+ <p>However, the OpenSSL package does interpret that environment
+ variable. Hence a setting of that variable might have
+ unpredictable effects on the Erlang/OTP SSL application. It is
+ therefore adviced to not used that environment variable at all.</p>
+ </section>
+
+ <section>
+ <title>Environment</title>
+ <p>The following application environment configuration parameters
+ are defined for the SSL application. Refer to application(3) for
+ more information about configuration parameters.
+ </p>
+ <p>Note that the environment parameters can be set on the command line,
+ for instance,</p>
+ <p><c>erl ... -ssl protocol_version '[sslv2,sslv3]' ...</c>.
+ </p>
+ <taglist>
+ <tag><c><![CDATA[ephemeral_rsa = true | false <optional>]]></c></tag>
+ <item>
+ <p>Enables all SSL servers (those that listen and accept)
+ to use ephemeral RSA key generation when a clients connect with
+ weak handshake cipher specifications, that need equally weak
+ ciphers from the server (i.e. obsolete restrictions on export
+ ciphers). Default is <c>false</c>.
+ </p>
+ </item>
+ <tag><c><![CDATA[debug = true | false <optional>]]></c></tag>
+ <item>
+ <p>Causes debug information to be written to standard
+ output. Default is <c>false</c>.
+ </p>
+ </item>
+ <tag><c><![CDATA[debugdir = path() | false <optional>]]></c></tag>
+ <item>
+ <p>Causes debug information output controlled by <c>debug</c>
+ and <c>msgdebug</c> to be printed to a file named
+ <c><![CDATA[ssl_esock.<pid>.log]]></c> in the directory specified by
+ <c>debugdir</c>, where <c><![CDATA[<pid>]]></c> is the operating system
+ specific textual representation of the process identifier
+ of the external port program of the SSL application. Default
+ is <c>false</c>, i.e. no log file is produced.
+ </p>
+ </item>
+ <tag><c><![CDATA[msgdebug = true | false <optional>]]></c></tag>
+ <item>
+ <p>Sets <c>debug = true</c> and causes also the contents
+ of low level messages to be printed to standard output.
+ Default is <c>false</c>.
+ </p>
+ </item>
+ <tag><c><![CDATA[port_program = string() | false <optional>]]></c></tag>
+ <item>
+ <p>Name of port program. The default is <c>ssl_esock</c>.
+ </p>
+ </item>
+ <tag><c><![CDATA[protocol_version = [sslv2|sslv3|tlsv1] <optional>]]></c>.</tag>
+ <item>
+ <p>Name of protocols to use. If this option is not set,
+ all protocols are assumed, i.e. the default value is
+ <c>[sslv2, sslv3, tlsv1]</c>.
+ </p>
+ </item>
+ <tag><c><![CDATA[proxylsport = integer() | false <optional>]]></c></tag>
+ <item>
+ <p>Define the port number of the listen port of the
+ SSL port program. Almost never is this option needed.
+ </p>
+ </item>
+ <tag><c><![CDATA[proxylsbacklog = integer() | false <optional>]]></c></tag>
+ <item>
+ <p>Set the listen queue size of the listen port of the
+ SSL port program. The default is 128.
+ </p>
+ </item>
+ </taglist>
+ </section>
+
+ <section>
+ <title>OpenSSL libraries</title>
+ <p>The current implementation of the Erlang SSL application is
+ based on the <em>OpenSSL</em> package version 0.9.7 or higher.
+ There are source and binary releases on the web.
+ </p>
+ <p>Source releases of OpenSSL can be downloaded from the <url href="http://www.openssl.org">OpenSSL</url> project home page,
+ or mirror sites listed there.
+ </p>
+ <p>The same URL also contains links to some compiled binaries and
+ libraries of OpenSSL (see the <c>Related/Binaries</c> menu) of
+ which the <url href="http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL">Shining Light Productions Win32 and OpenSSL</url> pages are of
+ interest for the Win32 user.
+ </p>
+ <p>For some Unix flavours there are binary packages available
+ on the net.
+ </p>
+ <p>If you cannot find a suitable binary OpenSSL package, you
+ have to fetch an OpenSSL source release and compile it.
+ </p>
+ <p>You then have to compile and install the libraries
+ <c>libcrypto.so</c> and <c>libssl.so</c> (Unix), or the
+ libraries <c>libeay32.dll</c> and <c>ssleay32.dll</c> (Win32).
+ </p>
+ <p>For Unix The <c>ssl_esock</c> port program is delivered linked
+ to OpenSSL libraries in <c>/usr/local/lib</c>, but the default
+ dynamic linking will also accept libraries in <c>/lib</c> and
+ <c>/usr/lib</c>.
+ </p>
+ <p>If that is not applicable to the particular Unix operating
+ system used, the example <c>Makefile</c> in the SSL
+ <c>priv/obj</c> directory, should be used as a guide to
+ relinking the final version of the port program.
+ </p>
+ <p>For <c>Win32</c> it is only required that the libraries can be
+ found from the <c>PATH</c> environment variable, or that they
+ reside in the appropriate <c>SYSTEM32</c> directory; hence no
+ particular relinking is need. Hence no example <c>Makefile</c>
+ for Win32 is provided.</p>
+ </section>
+
+ <section>
+ <title>Restrictions</title>
+ <p>Users must be aware of export restrictions and patent rights
+ concerning cryptographic software.
+ </p>
+ </section>
+
+ <section>
+ <title>SEE ALSO</title>
+ <p>application(3)</p>
+ </section>
+
+</appref>
+
+