2 files changed, 153 insertions, 14 deletions

diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index d13ad09470..5a39cac9bc 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1999</year><year>2016</year>
+      <year>1999</year><year>2017</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -28,6 +28,122 @@
   <p>This document describes the changes made to the SSL application.</p>
 
 
+<section><title>SSL 8.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    ECDH-ECDSA key exchange supported, was accidently
+	    dismissed in earlier versions.</p>
+          <p>
+	    Own Id: OTP-14421</p>
+        </item>
+        <item>
+          <p>
+	    Correct close semantics for active once connections. This
+	    was a timing dependent bug the resulted in the close
+	    message not always reaching the ssl user process.</p>
+          <p>
+	    Own Id: OTP-14443</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    TLS-1.2 clients will now always send hello messages on
+	    its own format, as opposed to earlier versions that will
+	    send the hello on the lowest supported version, this is a
+	    change supported by the latest RFC.</p>
+          <p>
+	    This will make interoperability with some newer servers
+	    smoother. Potentially, but unlikely, this could cause a
+	    problem with older servers if they do not adhere to the
+	    RFC and ignore unknown extensions.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-13820</p>
+        </item>
+        <item>
+          <p>
+	    Allow Erlang/OTP to use OpenSSL in FIPS-140 mode, in
+	    order to satisfy specific security requirements (mostly
+	    by different parts of the US federal government). </p>
+          <p>
+	    See the new crypto users guide "FIPS mode" chapter about
+	    building and using the FIPS support which is disabled by
+	    default.</p>
+          <p>
+	    (Thanks to dszoboszlay and legoscia)</p>
+          <p>
+	    Own Id: OTP-13921 Aux Id: PR-1180 </p>
+        </item>
+        <item>
+          <p>
+	    Implemented DTLS cookie generation, required by spec,
+	    instead of using a hardcoded value.</p>
+          <p>
+	    Own Id: OTP-14076</p>
+        </item>
+        <item>
+          <p>
+	    Implement sliding window replay protection of DTLS
+	    records.</p>
+          <p>
+	    Own Id: OTP-14077</p>
+        </item>
+        <item>
+          <p>
+	    TLS client processes will by default call
+	    public_key:pkix_verify_hostname/2 to verify the hostname
+	    of the connection with the server certificates specified
+	    hostname during certificate path validation. The user may
+	    explicitly disables it. Also if the hostname can not be
+	    derived from the first argument to connect or is not
+	    supplied by the server name indication option, the check
+	    will not be performed.</p>
+          <p>
+	    Own Id: OTP-14197</p>
+        </item>
+        <item>
+          <p>
+	    Extend connection_information/[1,2] . The values
+	    session_id, master_secret, client_random and
+	    server_random can no be accessed by
+	    connection_information/2. Note only session_id will be
+	    added to connection_information/1. The rational is that
+	    values concerning the connection security should have to
+	    be explicitly requested.</p>
+          <p>
+	    Own Id: OTP-14291</p>
+        </item>
+        <item>
+          <p>
+	    Chacha cipher suites are currently not tested enough to
+	    be most preferred ones</p>
+          <p>
+	    Own Id: OTP-14382</p>
+        </item>
+        <item>
+          <p>
+	    Basic support for DTLS that been tested together with
+	    OpenSSL.</p>
+          <p>
+	    Test by providing the option {protocol, dtls} to the ssl
+	    API functions connect and listen.</p>
+          <p>
+	    Own Id: OTP-14388</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>SSL 8.1.3</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
@@ -197,7 +313,14 @@
 	    message.</p>
           <p>
 	    Own Id: OTP-13853</p>
+	</item>
+
+	<item>
+	  <p>Correct handling of signature algorithm selection</p>
+          <p>
+	    Own Id: OTP-13711</p>
         </item>
+
       </list>
     </section>
 
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 916b41742e..ca2dcbb761 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1999</year><year>2016</year>
+      <year>1999</year><year>2017</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -127,7 +127,7 @@
       <item><p><c>hostname() | ipaddress()</c></p></item>
 
       <tag><c>hostname() =</c></tag>
-      <item><p><c>string()</c></p></item>
+      <item><p><c>string() - DNS hostname</c></p></item>
 
       <tag><c>ip_address() =</c></tag>
       <item><p><c>{N1,N2,N3,N4} % IPv4 | {K1,K2,K3,K4,K5,K6,K7,K8} % IPv6
@@ -189,6 +189,11 @@
     
     <taglist>
 
+      <tag><c>{protocol, tls | dtls}</c></tag>
+      <item><p>Choose TLS or DTLS protocol for the transport layer security.
+      Defaults to <c>tls</c> Introduced in OTP 20, DTLS support is considered
+      experimental in this release. DTLS over other transports than UDP are not yet supported.</p></item>
+
       <tag><c>{cert, public_key:der_encoded()}</c></tag>
       <item><p>The DER-encoded users certificate. If this option
       is supplied, it overrides option <c>certfile</c>.</p></item>
@@ -249,7 +254,7 @@
       be PEER, CA, ROOT-CA; if 2 the path can be PEER, CA, CA, 
       ROOT-CA, and so on. The default value is 1.</p></item>
 
-      <tag><c>{verify_fun, {Verifyfun :: fun(), InitialUserState ::
+      <tag><marker id="verify_fun"/><c>{verify_fun, {Verifyfun :: fun(), InitialUserState ::
       term()}}</c></tag>
       <item><p>The verification fun is to be defined as follows:</p>
 
@@ -582,15 +587,23 @@ fun(srp, Username :: string(), UserState :: term()) ->
       <item><p>Specifies the username and password to use to authenticate
       to the server.</p></item>
 
-      <tag><c>{server_name_indication, hostname()}</c></tag>
-      <item><p>Can be specified when upgrading a TCP socket to a TLS
-        socket to use the TLS Server Name Indication extension.</p></item>
+      <tag><c>{server_name_indication, HostName :: hostname()}</c></tag>
+      <item><p>Specify the hostname to be used in TLS Server Name Indication extension.
+      Is usefull when upgrading a TCP socket to a TLS socket or if the hostname can not be 
+      derived from the Host argument to <seealso marker="ssl#connect-3">ssl:connect/3</seealso>.
+      Will also cause the client to preform host name verification of the peer certificate
+      <seealso marker="public_key:public_key#pkix_verify_hostname-2">public_key:pkix_verify_hostname(PeerCert, [{dns_id, HostName}])</seealso>
+      </p> during the x509-path validation. If the check fails the error {bad_cert, hostname_check_failiure} will be
+      propagated to the path validation fun <seealso marker="#verify_fun">verify_fun</seealso>
+      </item>
 
 	<tag><c>{server_name_indication, disable}</c></tag>
       <item>
         <p>When starting a TLS connection without upgrade, the Server Name
-        Indication extension is sent if possible. This option can be
-        used to disable that behavior.</p>
+        Indication extension is sent if possible that is can be derived from the Host argument 
+        to <seealso marker="ssl#connect-3">ssl:connect/3</seealso>.  
+	This option can be used to disable that behavior.</p>
+	<note><p> Note that this also disables the default host name verification check of the peer certificate.</p></note>
       </item>
       <tag><c>{fallback, boolean()}</c></tag>
       <item>
@@ -935,13 +948,14 @@ fun(srp, Username :: string(), UserState :: term()) ->
       <fsummary>Returns all the connection information.
       </fsummary>
       <type>
-        <v>Item = protocol | cipher_suite | sni_hostname | ecc | atom()</v>
+        <v>Item = protocol | cipher_suite | sni_hostname | ecc | session_id | atom()</v>
 	<d>Meaningful atoms, not specified above, are the ssl option names.</d>
 	<v>Result = [{Item::atom(), Value::term()}]</v>
         <v>Reason = term()</v>
       </type>
-      <desc><p>Returns all relevant information about the connection, ssl options that
-      are undefined will be filtered out.</p>
+      <desc><p>Returns the most relevant information about the connection, ssl options that
+      are undefined will be filtered out. Note that values that affect the security of the
+      connection will only be returned if explicitly requested by connection_information/2.</p>
       </desc>
     </func>
 
@@ -952,8 +966,10 @@ fun(srp, Username :: string(), UserState :: term()) ->
       </fsummary>
       <type>
 	<v>Items = [Item]</v>
-	<v>Item = protocol | cipher_suite | sni_hostname | atom()</v>
-	<d>Meaningful atoms, not specified above, are the ssl option names.</d>
+	<v>Item = protocol | cipher_suite | sni_hostname | ecc | session_id | client_random 
+          | server_random  | master_secret | atom()</v>
+	<d>Note that client_random, server_random  and master_secret are values
+        that affect the security of connection. Meaningful atoms, not specified above, are the ssl option names.</d>
 	<v>Result = [{Item::atom(), Value::term()}]</v>
         <v>Reason = term()</v>
       </type>