2 files changed, 82 insertions, 12 deletions

diff --git a/lib/ssl/doc/src/new_ssl.xml b/lib/ssl/doc/src/new_ssl.xml
index ab6e112a35..69298759bd 100644
--- a/lib/ssl/doc/src/new_ssl.xml
+++ b/lib/ssl/doc/src/new_ssl.xml
@@ -22,7 +22,6 @@
 
   The Initial Developer of the Original Code is Ericsson AB.
     </legalnotice>
-
     <title>ssl</title>
     <prepared>Ingela Anderton Andin</prepared>
     <responsible>Ingela Anderton Andin</responsible>
@@ -83,11 +82,15 @@
             meaningless pid.</item>
       <item>New API functions are
             ssl:shutdown/2, ssl:cipher_suites/[0,1] and
-            ssl:versions/0</item>
+            ssl:versions/0, ssl:renegotiate/1</item>
       <item>CRL and policy certificate
             extensions are not supported yet. </item>
       <item>Supported SSL/TLS-versions are SSL-3.0 and TLS-1.0 </item>
       <item>For security reasons sslv2 is not supported.</item>
+      <item>Ephemeral Diffie-Hellman cipher suites are supported
+      but not Diffie Hellman Certificates cipher suites.</item>
+      <item>Export cipher suites are not supported as the
+      U.S. lifted its export restrictions in early 2000.</item>
     </list>
  
   </section>
@@ -148,25 +151,20 @@
     
     <p><c>protocol() = sslv3 | tlsv1 </c></p>
     
-    <p><c>ciphers() = [ciphersuite()] | sting() (according to old API)</c></p>
+    <p><c>ciphers() = [ciphersuite()] | string() (according to old API)</c></p>
     
     <p><c>ciphersuite() =
-      {key_exchange(), cipher(), hash(), exportable()}</c></p>
+      {key_exchange(), cipher(), hash()}</c></p>
     
-    <p><c>key_exchange() =  rsa | dh_dss | dh_rsa | dh_anon | dhe_dss
-      | dhe_rsa | krb5 | KeyExchange_export
+    <p><c>key_exchange() =  rsa | dhe_dss | dhe_rsa
     </c></p>
 
-   <p><c>cipher() = rc4_128 | idea_cbc | des_cbc | '3des_ede_cbc'
-      des40_cbc | dh_dss | aes_128_cbc | aes_256_cbc |
-      rc2_cbc_40 | rc4_40  </c></p>
+   <p><c>cipher() = rc4_128 | des_cbc | '3des_ede_cbc'
+      | aes_128_cbc | aes_256_cbc </c></p>
 
    <p> <c>hash() = md5 | sha
     </c></p>
 
-   <p> <c>exportable() = export | no_export | ignore
-    </c></p>
-
     <p><c>ssl_imp() = new | old - default is old.</c></p>
     
   </section>
@@ -409,6 +407,17 @@ end
       </desc>
     </func>
 
+     <func>
+      <name>format_error(Reason) -> string()</name>
+      <fsummary>Return an error string.</fsummary>
+      <type>
+        <v>Reason = term()</v>
+      </type>
+      <desc>
+        <p>Presents the error returned by an ssl function as a printable string.</p>
+      </desc>
+    </func>
+   
     <func>
       <name>getopts(Socket) -> </name>
       <name>getopts(Socket, OptionNames) ->
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 9d13427677..f213bd11ae 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,6 +30,67 @@
   </header>
   <p>This document describes the changes made to the SSL application.
     </p>
+
+    <section><title>SSL 3.11.1</title>
+    
+    <section><title>Fixed Bugs and Malfunctions</title>
+    <list>
+      <item>
+          <p>
+            Fixed handling of several ssl/tls packets arriving at the
+	    same time. This was broken during a refactoring of the
+            code.</p>
+	    <p>
+	    Own Id: OTP-8679</p>
+      </item>
+      </list>
+    </section>
+    
+
+    <section><title>Improvements and New Features</title>
+    <list>
+        <item>
+          <p>
+            Added missing checks for padding and Mac value. Removed
+            code for export ciphers and DH certificates as we decided
+            not to support them.</p>
+          <p>
+            Own Id: OTP-7047</p>
+        </item>
+        <item>
+          <p>
+            New ssl will no longer return esslerrssl to be backwards
+            compatible with old ssl as this hids infomation from the
+            user. format_error/1 has been updated to support new ssl.</p>
+          <p>
+            *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+            Own Id: OTP-7049</p>
+        </item>
+        <item>
+          <p>
+            New ssl now supports secure renegotiation as described by
+            RFC 5746.</p>
+          <p>
+            Own Id: OTP-8568</p>
+        </item>
+        <item>
+          <p>
+            Alert handling has been improved to better handle
+            unexpected but valid messages and the implementation is
+            also changed to avoid timing related issues that could
+            cause different error messages depending on network
+            latency. Packet handling was sort of broken but would
+            mostly work as expected when socket was in binary mode.
+            This has now been fixed.</p>
+          <p>
+            Own Id: OTP-8588</p>
+        </item>
+      </list>
+    </section>
+    
+</section>
+    
 <section><title>SSL 3.11</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>