Diffstat (limited to 'lib/ssl/doc/src')
-rw-r--r-- | lib/ssl/doc/src/notes.xml | 156 |
-rw-r--r-- | lib/ssl/doc/src/ssl.xml | 37 |
2 files changed, 191 insertions, 2 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index f0231da2ad..5c213402f4 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml 
@@ -27,6 +27,162 @@ </header> <p>This document describes the changes made to the SSL application.</p> +<section><title>SSL 9.3.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Returned "alert error string" is now same as logged alert + string</p> + <p> + Own Id: OTP-15844</p> + </item> + <item> + <p> + Fix returned extension map fields to follow the + documentation.</p> + <p> + Own Id: OTP-15862 Aux Id: ERL-951 </p> + </item> + <item> + <p> + Avoid DTLS crash due to missing gen_server return value + in DTLS packet demux process.</p> + <p> + Own Id: OTP-15864 Aux Id: ERL-962 </p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 9.3.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Missing check of size of user_data_buffer made internal + socket behave as an active socket instead of active N. + This could cause memory problems.</p> + <p> + Own Id: OTP-15825 Aux Id: ERL-934, OTP-15823 </p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 9.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + The distribution handshake with TLS distribution + (<c>inet_tls_dist</c>) does now utilize the socket option + <c>{nodelay, true}</c>, which decreases the distribution + setup time significantly.</p> + <p> + Own Id: OTP-14792</p> + </item> + <item> + <p> + Correct shutdown reason to avoid an incorrect crash + report</p> + <p> + Own Id: OTP-15710 Aux Id: ERL-893 </p> + </item> + <item> + <p> + Enhance documentation and type specifications.</p> + <p> + Own Id: OTP-15746 Aux Id: ERIERL-333 </p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy + and not supported by default</p> + <p> + *** POTENTIAL INCOMPATIBILITY ***</p> + <p> + Own Id: OTP-14865</p> + </item> + <item> + <p> + Use new logger API 
in ssl. Introduce log levels and + verbose debug logging for SSL.</p> + <p> + Own Id: OTP-15055</p> + </item> + <item> + <p> + Add new API function str_to_suite/1, cipher_suites/3 + (list cipher suites as rfc or OpenSSL name strings) and + suite_to_openssl_str/1</p> + <p> + Own Id: OTP-15483 Aux Id: ERL-924 </p> + </item> + <item> + <p> + Basic support for TLS 1.3 Server for experimental use. + The client is not yet functional, for more information + see the Standards Compliance chapter of the User's Guide.</p> + <p> + Own Id: OTP-15591</p> + </item> + <item> + <p> + Add support for PSK CCM ciphers from RFC 6655</p> + <p> + Own Id: OTP-15626</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 9.2.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Missing check of size of user_data_buffer made internal + socket behave as an active socket instead of active N. + This could cause memory problems.</p> + <p> + Own Id: OTP-15802 Aux Id: ERL-934 </p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Back port of bug fix ERL-893 from OTP-22 and document + enhancements that will solve dialyzer warnings for users + of the ssl application.</p> + <p> + This change also affects public_key, eldap (and inet + doc).</p> + <p> + Own Id: OTP-15785 Aux Id: ERL-929, ERL-893, PR-2215 </p> + </item> + </list> + </section> + +</section> + <section><title>SSL 9.2.2</title> <section><title>Fixed Bugs and Malfunctions</title> diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index d626748af6..3aa6e09c2c 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml 
@@ -1132,6 +1132,15 @@ fun(srp, Username :: string(), UserState :: term()) -> </func> <func> + <name name="cipher_suites" arity="3" since="OTP 22.0"/> + <fsummary>Returns a list of RFC or OpenSSL names</fsummary> + <desc><p>Same as <seealso marker="#cipher_suites-2">cipher_suites/2</seealso> + but lists RFC or OpenSSL string names instead of <seealso marker="#type-erl_cipher_suite">erl_cipher_suite()</seealso> + </p> + </desc> + </func> + + <func> <name name="eccs" arity="0" since="OTP 19.2"/> <name name="eccs" arity="1" since="OTP 19.2"/> <fsummary>Returns a list of supported ECCs.</fsummary> @@ -1563,12 +1572,36 @@ fun(srp, Username :: string(), UserState :: term()) -> <p>Stops the SSL application.</p> </desc> </func> + + <func> + <name since="OTP 22.0" name="str_to_suite" arity="1" /> + <fsummary>Converts an RFC or OpenSSL name string to an erlang cipher suite format</fsummary> + <desc> + <p>Converts an RFC or OpenSSL name string to an + <seealso marker="#type-erl_cipher_suite">erl_cipher_suite()</seealso> + Returns an error if the cipher suite is not supported or the name is not a valid cipher suite name.</p> + </desc> + </func> <func> + <name since="OTP 22.0" name="suite_to_openssl_str" arity="1" /> + <fsummary>Converts erlang cipher suite format to an OpenSSL name string. + </fsummary> + <desc> + <p>Converts <seealso marker="#type-erl_cipher_suite">erl_cipher_suite()</seealso> + to OpenSSL name string. </p> + + <p>PRE TLS-1.3 these names differ for RFC names</p> + + </desc> + </func> + + <func> <name since="OTP 21.0" name="suite_to_str" arity="1" clause_i="1" /> - <fsummary>Returns the string representation of a cipher suite.</fsummary> + <fsummary>Converts an erlang cipher suite to an RFC name string.</fsummary> <desc> - <p>Returns the string representation of a cipher suite.</p> + <p>Converts <seealso marker="#type-erl_cipher_suite">erl_cipher_suite()</seealso> + to RFC name string.</p> </desc> </func> |
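Review bot: In the notes.xml hunk, the SSL 9.3 entry OTP-14865 is flagged POTENTIAL INCOMPATIBILITY but only says that TLS-1.0, TLS-1.1 and DTLS-1.0 are "not supported by default"; it should say how an application that still has to talk to legacy peers enables them explicitly, or point to the place in the reference manual that does, so that upgraders know what to change. The user_data_buffer entries (OTP-15825 and OTP-15802) would also be more useful if "This could cause memory problems" named the actual effect of the missing size check. Several entries (the ones ending "crash report", "not supported by default" and "suite_to_openssl_str/1") lack their closing full stop.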
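Review bot: The new cipher_suites/3 entry in ssl.xml (hunk at -1132) does not document its third argument. The description says it is the "Same as cipher_suites/2 but lists RFC or OpenSSL string names", yet nothing tells the caller how to choose between the RFC and the OpenSSL form or what type the returned names have. Add the argument and its accepted values to the desc element, and end the sentence with a full stop.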
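Review bot: In the ssl.xml hunk at -1563, the suite_to_openssl_str/1 remark "PRE TLS-1.3 these names differ for RFC names" is hard to parse; something like "For versions before TLS-1.3 the OpenSSL names differ from the RFC names" reads clearly. In str_to_suite/1 a full stop is missing between the erl_cipher_suite() link and "Returns an error if the cipher suite is not supported", and the text should give the shape of that error so that callers can match on it. "erlang" in the three fsummary lines should be capitalised as "Erlang".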