Diffstat (limited to 'lib/ssl/doc/src')
-rw-r--r-- lib/ssl/doc/src/notes.xml 109
-rw-r--r-- lib/ssl/doc/src/ssl.xml 8
2 files changed, 7 insertions, 110 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 5fb76c1f62..e9b523d9e1 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -28,115 +28,6 @@
<p>This document describes the changes made to the SSL application.</p>
-<section><title>SSL 8.0</title>
-
- <section><title>Fixed Bugs and Malfunctions</title>
- <list>
- <item>
- <p>
- Timeouts may have the value 0, gauards have been
- corrected to allow this</p>
- <p>
- Own Id: OTP-13635</p>
- </item>
- </list>
- </section>
-
-
- <section><title>Improvements and New Features</title>
- <list>
- <item>
- <p>
- Remove default support for DES cipher suites</p>
- <p>
- *** POTENTIAL INCOMPATIBILITY ***</p>
- <p>
- Own Id: OTP-13195</p>
- </item>
- <item>
- <p>
- Deprecate the function crypto:rand_bytes and make sure
- that crypto:strong_rand_bytes is used in all places that
- are cryptographically significant.</p>
- <p>
- Own Id: OTP-13214</p>
- </item>
- <item>
- <p>
- Better error handling of user error during TLS upgrade.
- ERL-69 is solved by gen_statem rewrite of ssl
- application.</p>
- <p>
- Own Id: OTP-13255</p>
- </item>
- <item>
- <p>
- Provide user friendly error message when crypto rejects a
- key</p>
- <p>
- Own Id: OTP-13256</p>
- </item>
- <item>
- <p>
- TLS distribution connections now allow specifying the
- options <c>verify_fun</c>, <c>crl_check</c> and
- <c>crl_cache</c>. See the documentation. GitHub pull req
- #956 contributed by Magnus Henoch.</p>
- <p>
- Own Id: OTP-13429 Aux Id: Pull#956 </p>
- </item>
- <item>
- <p>
- Remove confusing error message when closing a distributed
- erlang node running over TLS</p>
- <p>
- Own Id: OTP-13431</p>
- </item>
- <item>
- <p>
- ssl now uses gen_statem instead of gen_fsm to implement
- the ssl connection process, this solves some timing
- issues in addtion to making the code more intuitive as
- the behaviour can be used cleanly instead of having a lot
- of workaround for shortcomings of the behaviour.</p>
- <p>
- Own Id: OTP-13464</p>
- </item>
- <item>
- <p>
- Correct ssl:prf/5 to use the negotiated cipher suites prf
- function in ssl:prf/5 instead of the default prf.</p>
- <p>
- Own Id: OTP-13546</p>
- </item>
- <item>
- <p>
- Some legacy TLS 1.0 software does not tolerate the 1/n-1
- content split BEAST mitigation technique. Add a
- beast_mitigation SSL option (defaulting to
- one_n_minus_one) to select or disable the BEAST
- mitigation technique.</p>
- <p>
- Own Id: OTP-13629</p>
- </item>
- <item>
- <p>
- Enhance error log messages to facilitate for users to
- understand the error</p>
- <p>
- Own Id: OTP-13632</p>
- </item>
- <item>
- <p>
- Incresed default DH params to 2048-bit</p>
- <p>
- Own Id: OTP-13636</p>
- </item>
- </list>
- </section>
-
-</section>
-
<section><title>SSL 7.3.2</title>
<section><title>Fixed Bugs and Malfunctions</title>
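Review bot: the deleted SSL 8.0 section carries the entry marked "*** POTENTIAL INCOMPATIBILITY ***" (OTP-13195, removal of default support for DES cipher suites), along with the security-relevant notes for crypto:strong_rand_bytes (OTP-13214), the beast_mitigation option (OTP-13629) and the 2048-bit DH default (OTP-13636), and nothing visible in this change says where those entries end up. If notes.xml is regenerated at release time, say so in the commit message; otherwise keep the section so that users upgrading from 7.3.2 can still find the incompatibility notice.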
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 33ece8f769..62f6263e9e 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -423,7 +423,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
<tag><c>{beast_mitigation, one_n_minus_one | zero_n | disabled}</c></tag>
<item><p>Affects SSL-3.0 and TLS-1.0 connections only. Used to change the BEAST
mitigation strategy to interoperate with legacy software.
- Defaults to <c>one_n_minus_one</c></p>.
+ Defaults to <c>one_n_minus_one</c>.</p>
<p><c>one_n_minus_one</c> - Perform 1/n-1 BEAST mitigation.</p>
@@ -706,6 +706,12 @@ fun(srp, Username :: string(), UserState :: term()) ->
client certificate is requested. For more details see the <seealso marker="#client_signature_algs">corresponding client option</seealso>.
</p> </item>
+ <tag><c>{v2_hello_compatible, boolean()}</c></tag>
+ <item>If true, the server accepts clients that send hello messages on SSL-2.0 format but offers
+ supported SSL/TLS versions. Defaults to false, that is the server will not interoperate with clients that
+ offers SSL-2.0.
+ </item>
+
</taglist>
</section>
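Review bot: the new v2_hello_compatible entry places its text directly inside <item> with no <p> wrapper, whereas the neighbouring entries in this file use <item><p> ... </p> </item>; wrap the description in <p> so it renders like the rest of the taglist. The wording also needs a pass: "in SSL-2.0 format" rather than "on SSL-2.0 format", "but offer" and "clients that offer" for agreement, and true/false marked up with <c> as the other defaults are. Since this option relaxes what the server accepts, it would help to state explicitly that only the SSL-2.0 hello format is tolerated and that the connection still uses one of the supported SSL/TLS versions. No release note for the new option is added in notes.xml in this change.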