Diffstat (limited to 'lib/ssl/doc/src')
-rw-r--r-- lib/ssl/doc/src/ssl.xml 19
-rw-r--r-- lib/ssl/doc/src/ssl_app.xml 12
-rw-r--r-- lib/ssl/doc/src/ssl_distribution.xml 1
3 files changed, 21 insertions, 11 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 4ea000802f..abba5aaf59 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -464,10 +464,12 @@ fun(srp, Username :: string(), UserState :: term()) ->
<tag><c>{padding_check, boolean()}</c></tag>
<item><p>Affects TLS-1.0 connections only.
If set to <c>false</c>, it disables the block cipher padding check
- to be able to interoperate with legacy software.</p></item>
-
- <warning><p>Using <c>{padding_check, boolean()}</c> makes TLS
+ to be able to interoperate with legacy software.</p>
+ <warning><p>Using <c>{padding_check, boolean()}</c> makes TLS
vulnerable to the Poodle attack.</p></warning>
+ </item>
+
+
<tag><c>{beast_mitigation, one_n_minus_one | zero_n | disabled}</c></tag>
<item><p>Affects SSL-3.0 and TLS-1.0 connections only. Used to change the BEAST
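Review bot: The relocated warning still says that using `{padding_check, boolean()}` makes TLS vulnerable to Poodle, but per the item text only `false` disables the padding check, so the warning as written also covers the safe value `true`. Since this line is being re-indented anyway, change it to `{padding_check, false}`, matching the `{beast_mitigation, disabled}` wording used for the next option. The two consecutive blank lines added after `</item>` can be reduced to one.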
@@ -478,11 +480,12 @@ fun(srp, Username :: string(), UserState :: term()) ->
<p><c>zero_n</c> - Perform 0/n BEAST mitigation.</p>
- <p><c>disabled</c> - Disable BEAST mitigation.</p></item>
+ <p><c>disabled</c> - Disable BEAST mitigation.</p>
- <warning><p>Using <c>{beast_mitigation, disabled}</c> makes SSL or TLS
+ <warning><p>Using <c>{beast_mitigation, disabled}</c> makes SSL or TLS
vulnerable to the BEAST attack.</p></warning>
- </taglist>
+ </item>
+ </taglist>
</section>
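Review bot: The warning moved inside the `<item>` says `{beast_mitigation, disabled}` "makes SSL or TLS vulnerable to the BEAST attack", which reads as covering every protocol version, while the option description states it affects SSL-3.0 and TLS-1.0 connections only. Consider narrowing the warning to "makes SSL-3.0 or TLS-1.0 vulnerable" so a reader does not conclude that TLS 1.1 and later connections are exposed by this setting.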
@@ -595,7 +598,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
TLS handshake. If no lower TLS versions than 1.2 are supported,
the client will send a TLS signature algorithm extension
with the algorithms specified by this option.
- Defaults to
+ Defaults to</p>
<code>[
%% SHA2
@@ -612,7 +615,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
{sha, rsa},
{sha, dsa},
]</code>
-
+<p>
The algorithms should be in the preferred order.
Selected signature algorithm can restrict which hash functions
that may be selected. Default support for {md5, rsa} removed in ssl-8.0
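Review bot: The documented default list closed by this hunk ends with `{sha, dsa},` directly followed by `]`, and that trailing comma makes the list an invalid Erlang term if someone copies it into a configuration. As the markup around the `<code>` block is being corrected here, drop the comma after `{sha, dsa}` in the same change.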
diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml
index e50ffdbfe6..a66e947bc1 100644
--- a/lib/ssl/doc/src/ssl_app.xml
+++ b/lib/ssl/doc/src/ssl_app.xml
@@ -45,6 +45,8 @@
but can be configured.</item>
<item>For security reasons DES cipher suites are no longer supported by default,
but can be configured.</item>
+ <item> Renegotiation Indication Extension <url href="http://www.ietf.org/rfc/rfc5746.txt">RFC 5746</url> is supported
+ </item>
<item>Ephemeral Diffie-Hellman cipher suites are supported,
but not Diffie Hellman Certificates cipher suites.</item>
<item>Elliptic Curve cipher suites are supported if the Crypto
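Review bot: The new RFC 5746 item starts with a stray space after `<item>`, has no terminating full stop, and puts `</item>` on its own line, while the neighbouring items are written as complete sentences closed on the same line. Suggest `<item>Renegotiation Indication Extension (<url href="http://www.ietf.org/rfc/rfc5746.txt">RFC 5746</url>) is supported.</item>` for consistency.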
@@ -55,10 +57,16 @@
<item>IDEA cipher suites are not supported as they have
become deprecated by the latest TLS specification so it is not
motivated to implement them.</item>
+ <item>Compression is not supported.</item>
<item>CRL validation is supported.</item>
<item>Policy certificate extensions are not supported.</item>
<item>'Server Name Indication' extension
(<url href="http://www.ietf.org/rfc/rfc6066.txt">RFC 6066</url>) is supported.</item>
+ <item>Application Layer Protocol Negotiation (ALPN) and its successor Next Protocol Negotiation (NPN)
+ are supported. </item>
+ <item>It is possible to use Pre-Shared Key (PSK) and Secure Remote Password (SRP)
+ cipher suites, but they are not enabled by default.
+ </item>
</list>
</description>
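Review bot: The added ALPN item calls Next Protocol Negotiation (NPN) the "successor" of ALPN, which has the relationship backwards: NPN is the older extension and ALPN replaced it. Reword to "Application Layer Protocol Negotiation (ALPN) and its predecessor Next Protocol Negotiation (NPN) are supported." and remove the trailing space before `</item>`.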
@@ -109,7 +117,7 @@
<item><p>List of extra user-defined arguments to the <c>init</c> function
in the session cache callback module. Defaults to <c>[]</c>.</p></item>
- <tag><c><![CDATA[session_cache_client_max = integer() <optional>]]></c><br/>
+ <tag><c><![CDATA[session_cache_client_max = integer() <optional>]]></c><br/></tag>
<item><p>Limits the growth of the clients session cache, that is
how many sessions towards servers that are cached to be used by
new client connections. If the maximum number of sessions is
@@ -142,8 +150,6 @@
shutdown gracefully. Defaults to 5000 milliseconds.
</p>
</item>
- </tag>
-
</taglist>
</section>
diff --git a/lib/ssl/doc/src/ssl_distribution.xml b/lib/ssl/doc/src/ssl_distribution.xml
index 495e02d271..4bd5f67202 100644
--- a/lib/ssl/doc/src/ssl_distribution.xml
+++ b/lib/ssl/doc/src/ssl_distribution.xml
@@ -98,6 +98,7 @@
{stdlib,"1.18"},
{crypto, "2.0.3"},
{public_key, "0.12"},
+ {asn1, "4.0"},
{ssl, "5.0"}
]}.
</code>