1 files changed, 24 insertions, 13 deletions

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index fcf1fb77df..19931ce778 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -79,6 +79,7 @@
               cipher_filters/0,
               sign_algo/0,
               protocol_version/0,
+              protocol_version_tuple/0,
               protocol_extensions/0,
               session_id/0,
               error_alert/0,
@@ -112,6 +113,7 @@
                                     aes_128_gcm |
                                     aes_256_gcm |
                                     chacha20_poly1305 |
+                                    null |
                                     legacy_cipher(). % exported
 -type legacy_cipher()            ::  rc4_128 |
                                      des_cbc |
@@ -119,7 +121,8 @@
 
 -type hash()                     :: sha |
                                     sha2() |
-                                    legacy_hash(). % exported
+                                    legacy_hash() |
+                                    null. % exported
 
 -type sha2()                    ::  sha224 |
                                     sha256 |
@@ -135,7 +138,7 @@
                                    srp_rsa| srp_dss |
                                    psk | dhe_psk | rsa_psk |
                                    dh_anon | ecdh_anon | srp_anon |
-                                   any. %% TLS 1.3 , exported
+                                   any | null. %% TLS 1.3 , exported
 -type erl_cipher_suite()       :: #{key_exchange := kex_algo(),
                                     cipher := cipher(),
                                     mac    := hash() | aead,
@@ -397,7 +400,9 @@ stop() ->
 %% Description: Connect to an ssl server.
 %%--------------------------------------------------------------------
 -spec connect(TCPSocket, TLSOptions) ->
-                     {ok, sslsocket()} | {error, reason()} when
+                     {ok, sslsocket()} |
+                     {error, reason()} |
+                     {option_not_a_key_value_tuple, any()} when
       TCPSocket :: socket(),
       TLSOptions :: [tls_client_option()].
 
@@ -412,7 +417,8 @@ connect(Socket, SslOptions) when is_port(Socket) ->
              (Host, Port, TLSOptions) ->
                      {ok, sslsocket()} |
                      {ok, sslsocket(),Ext :: protocol_extensions()} |
-                     {error, reason()} when
+                     {error, reason()} |
+                     {option_not_a_key_value_tuple, any()} when
       Host :: host(),
       Port :: inet:port_number(),
       TLSOptions :: [tls_client_option()].
@@ -435,7 +441,8 @@ connect(Host, Port, Options) ->
 -spec connect(Host, Port, TLSOptions, Timeout) ->
                      {ok, sslsocket()} |
                      {ok, sslsocket(),Ext :: protocol_extensions()} |
-                     {error, reason()} when
+                     {error, reason()} |
+                     {option_not_a_key_value_tuple, any()} when
       Host :: host(),
       Port :: inet:port_number(),
       TLSOptions :: [tls_client_option()],
@@ -554,21 +561,24 @@ ssl_accept(Socket, SslOptions, Timeout) ->
 
 %% Performs the SSL/TLS/DTLS server-side handshake.
 
--spec handshake(HsSocket) -> {ok, SslSocket} | {error, Reason} when
+-spec handshake(HsSocket) -> {ok, SslSocket} | {ok, SslSocket, Ext} | {error, Reason} when
       HsSocket :: sslsocket(),
       SslSocket :: sslsocket(),
+      Ext :: protocol_extensions(),
       Reason :: closed | timeout | error_alert().
 
 handshake(ListenSocket) ->
     handshake(ListenSocket, infinity).
 
--spec handshake(HsSocket, Timeout) -> {ok, SslSocket} | {error, Reason} when
+-spec handshake(HsSocket, Timeout) -> {ok, SslSocket} | {ok, SslSocket, Ext} | {error, Reason} when
       HsSocket :: sslsocket(),
       Timeout :: timeout(),
       SslSocket :: sslsocket(),
+      Ext :: protocol_extensions(),
       Reason :: closed | timeout | error_alert();
-               (TcpSocket, Options) -> {ok, SslSocket} | {ok, SslSocket, Ext} | {error, Reason} when
-      TcpSocket :: socket(),
+               (Socket, Options) -> {ok, SslSocket} | {ok, SslSocket, Ext} | {error, Reason} when
+      Socket :: socket() | sslsocket(),
+      SslSocket :: sslsocket(),
       Options :: [server_option()],
       Ext :: protocol_extensions(),
       Reason :: closed | timeout | error_alert().
@@ -580,15 +590,16 @@ handshake(#sslsocket{} = Socket, Timeout) when  (is_integer(Timeout) andalso Tim
 handshake(ListenSocket, SslOptions)  when is_port(ListenSocket) ->
     handshake(ListenSocket, SslOptions, infinity).
 
--spec handshake(TcpSocket, Options, Timeout) ->
+-spec handshake(Socket, Options, Timeout) ->
                        {ok, SslSocket} |
                        {ok, SslSocket, Ext} |
                        {error, Reason} when
-      TcpSocket :: socket(),
+      Socket :: socket() | sslsocket(),
+      SslSocket :: sslsocket(),
       Options :: [server_option()],
       Timeout :: timeout(),
       Ext :: protocol_extensions(),
-      Reason :: closed | timeout | error_alert().
+      Reason :: closed | timeout | {options, any()} | error_alert().
 
 handshake(#sslsocket{} = Socket, [], Timeout) when (is_integer(Timeout) andalso Timeout >= 0) or 
                                                     (Timeout == infinity)->
@@ -967,7 +978,7 @@ eccs() ->
 
 %%--------------------------------------------------------------------
 -spec eccs(Version) -> NamedCurves when
-      Version :: protocol_version(),
+      Version :: protocol_version() | protocol_version_tuple(),
       NamedCurves :: [named_curve()].
 
 %% Description: returns the curves supported for a given version of