Diffstat (limited to 'lib/ssl/doc')
-rw-r--r-- | lib/ssl/doc/src/notes.xml | 108 |
1 files changed, 0 insertions, 108 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 1a93572dc7..29ec3f9d57 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml 
@@ -28,114 +28,6 @@ <p>This document describes the changes made to the SSL application.</p> -<section><title>SSL 8.2</title> - - <section><title>Fixed Bugs and Malfunctions</title> - <list> - <item> - <p> - ECDH-ECDSA key exchange supported, was accidently - dismissed in earlier versions.</p> - <p> - Own Id: OTP-14421</p> - </item> - </list> - </section> - - - <section><title>Improvements and New Features</title> - <list> - <item> - <p> - TLS-1.2 clients will now always send hello messages on - its own format, as opposed to earlier versions that will - send the hello on the lowest supported version, this is a - change supported by the latest RFC.</p> - <p> - This will make interoperability with some newer servers - smoother. Potentially, but unlikely, this could cause a - problem with older servers if they do not adhere to the - RFC and ignore unknown extensions.</p> - <p> - *** POTENTIAL INCOMPATIBILITY ***</p> - <p> - Own Id: OTP-13820</p> - </item> - <item> - <p> - Allow Erlang/OTP to use OpenSSL in FIPS-140 mode, in - order to satisfy specific security requirements (mostly - by different parts of the US federal government). </p> - <p> - See the new crypto users guide "FIPS mode" chapter about - building and using the FIPS support which is disabled by - default.</p> - <p> - (Thanks to dszoboszlay and legoscia)</p> - <p> - Own Id: OTP-13921 Aux Id: PR-1180 </p> - </item> - <item> - <p> - Implemented DTLS cookie generation, requiered by spec, - instead of using hardcode value.</p> - <p> - Own Id: OTP-14076</p> - </item> - <item> - <p> - Implement sliding window replay protection of DTLS - records.</p> - <p> - Own Id: OTP-14077</p> - </item> - <item> - <p> - TLS client processes will by default call - public_key:pkix_verify_hostname/2 to verify the hostname - of the connection with the server certifcates specified - hostname during certificate path validation. The user may - explicitly disables it. 
Also if the hostname can not be - derived from the first argument to connnect or is not - supplied by the server name indication option, the check - will not be performed.</p> - <p> - Own Id: OTP-14197</p> - </item> - <item> - <p> - Extend connection_information/[1,2] . The values - session_id, master_secret, client_random and - server_random can no be accessed by - connection_information/2. Note only session_id will be - added to connection_information/1. The rational is that - values concerning the connection security should have to - be explicitly requested.</p> - <p> - Own Id: OTP-14291</p> - </item> - <item> - <p> - Chacha cipher suites are currently not tested enough to - be most prefered ones</p> - <p> - Own Id: OTP-14382</p> - </item> - <item> - <p> - Basic support for DTLS that been tested together with - OpenSSL.</p> - <p> - Test by providing the option {protocol, dtls} to the ssl - API functions connect and listen.</p> - <p> - Own Id: OTP-14388</p> - </item> - </list> - </section> - -</section> - <section><title>SSL 8.1.3</title> <section><title>Fixed Bugs and Malfunctions</title> |
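Review bot: The single hunk at @@ -28,114 +28,6 @@ deletes the whole SSL 8.2 section with no replacement (0 insertions, 108 deletions), and that removes the release-note record of several security-relevant behaviour changes. The entries affected are OTP-13820, flagged *** POTENTIAL INCOMPATIBILITY ***; OTP-14197, which says TLS clients call public_key:pkix_verify_hostname/2 by default and lists the cases where the check is not performed; OTP-14291, which says session_id, master_secret, client_random and server_random must be requested explicitly through connection_information/2; and the DTLS cookie and replay-protection entries OTP-14076 and OTP-14077. Nothing visible in the diff says why the section is dropped or where this text will live instead, so please state that in the commit message, or keep the entries. If the section is re-added later, correct the spelling in the removed text at that point: "accidently", "requiered", "certifcates", "connnect", "can no be" (presumably "can now be"), "rational" and "prefered".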