2 files changed, 84 insertions, 6 deletions

diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index a61f52b809..8875d07535 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -26,7 +26,80 @@
   </header>
   <p>This document describes the changes made to the SSL application.</p>
   
-  <section><title>SSL 5.2.1</title>
+  <section><title>SSL 5.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Honor the versions option to ssl:connect and ssl:listen.</p>
+          <p>
+	    Own Id: OTP-10905</p>
+        </item>
+        <item>
+          <p>
+	    Next protocol negotiation with reused sessions will now
+	    succeed</p>
+          <p>
+	    Own Id: OTP-10909</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Add support for PSK (Pre Shared Key) and SRP (Secure
+	    Remote Password) chipher suits, thanks to Andreas
+	    Schultz.</p>
+          <p>
+	    Own Id: OTP-10450 Aux Id: kunagi-269 [180] </p>
+        </item>
+        <item>
+          <p>
+	    Fix SSL Next Protocol Negotiation documentation. Thanks
+	    to Julien Barbot.</p>
+          <p>
+	    Own Id: OTP-10955</p>
+        </item>
+        <item>
+          <p>
+	    Fix ssl_connection to support reading proxy/chain
+	    certificates. Thanks to Valentin Kuznetsov.</p>
+          <p>
+	    Own Id: OTP-10980</p>
+        </item>
+        <item>
+          <p>
+	    Integrate elliptic curve contribution from Andreas
+	    Schultz </p>
+          <p>
+	    In order to be able to support elliptic curve cipher
+	    suites in SSL/TLS, additions to handle elliptic curve
+	    infrastructure has been added to public_key and crypto.</p>
+          <p>
+	    This also has resulted in a rewrite of the crypto API to
+	    gain consistency and remove unnecessary overhead. All OTP
+	    applications using crypto has been updated to use the new
+	    API.</p>
+          <p>
+	    Impact: Elliptic curve cryptography (ECC) offers
+	    equivalent security with smaller key sizes than other
+	    public key algorithms. Smaller key sizes result in
+	    savings for power, memory, bandwidth, and computational
+	    cost that make ECC especially attractive for constrained
+	    environments.</p>
+          <p>
+	    Own Id: OTP-11009</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 5.2.1</title>
 
     <section><title>Improvements and New Features</title>
       <list>
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index d5615fecfc..1645eb15f3 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -37,17 +37,21 @@
     <list type="bulleted">
       <item>ssl requires the crypto and public_key applications.</item>
       <item>Supported SSL/TLS-versions are SSL-3.0, TLS-1.0,
-      TLS-1.1 and TLS-1.2 (no support for elliptic curve cipher suites yet).</item>
+      TLS-1.1 and TLS-1.2.</item>
       <item>For security reasons sslv2 is not supported.</item>
       <item>Ephemeral Diffie-Hellman cipher suites are supported
       but not Diffie Hellman Certificates cipher suites.</item>
+      <item>Elliptic Curve cipher suites are supported if crypto
+      supports it and named curves are used.
+      </item>
       <item>Export cipher suites are not supported as the
       U.S. lifted its export restrictions in early 2000.</item>
       <item>IDEA cipher suites are not supported as they have
       become deprecated by the latest TLS spec so there is not any
       real motivation to implement them.</item>
-      <item>CRL and policy certificate
-            extensions are not supported yet. </item>
+      <item>CRL and policy certificate extensions are not supported
+      yet. However CRL verification is supported by public_key, only not integrated
+      in ssl yet. </item>
     </list>
  
   </section>
@@ -75,7 +79,7 @@
       {fail_if_no_peer_cert, boolean()}
       {depth, integer()} |
       {cert, der_encoded()}| {certfile, path()} |
-      {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}} |
+      {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' |'PrivateKeyInfo', der_encoded()}} |
       {keyfile, path()} | {password, string()} |
       {cacerts, [der_encoded()]} | {cacertfile, path()} |
       |{dh, der_encoded()} | {dhfile, path()} | {ciphers, ciphers()} |
@@ -125,6 +129,7 @@
     
     <p><c>key_exchange() =  rsa | dhe_dss | dhe_rsa | dh_anon
        | psk | dhe_psk | rsa_psk | srp_anon | srp_dss | srp_rsa
+       | ecdh_anon | ecdh_ecdsa | ecdhe_ecdsa | ecdh_rsa | ecdhe_rsa
     </c></p>
 
    <p><c>cipher() = rc4_128 | des_cbc | '3des_ede_cbc'
@@ -157,7 +162,7 @@
       <tag>{certfile, path()}</tag>
       <item>Path to a file containing the user's certificate.</item>
       
-      <tag>{key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}}</tag>
+      <tag>{key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' |'PrivateKeyInfo', der_encoded()}}</tag>
       <item> The DER encoded users private key. If this option
       is supplied it will override the keyfile option.</item>