aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src/ssl.xml
AgeCommit message (Collapse)Author
2019-04-30ssl: Fix cherry-pick mistakesIngela Anderton Andin
2019-04-30ssl: Refer documentation of HttpPacket from ertsPéter Dimitrov
Do not document http_packet() in ssl but refer to description of erlang:decode_packet/3. Change-Id: Ib2d0e4fc9605e40fe98bb249bc17fc39046d137a Conflicts: lib/ssl/src/ssl.erl
2019-04-30ssl: Update type spec of ssl:suite_to_str/1Péter Dimitrov
Change-Id: I7987e80cca7af184a9f40cdcd8ea8f07c318ba0d
2019-04-30ssl: Update function ssl:eccs/1Péter Dimitrov
Remove support of version tuples (e.g. {3,3}) from API function ssl:eccs/1. Update function spec and documentation. Change-Id: I891e42a2ca31c3e06b4edeeb866c0df874f2035b Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl
2019-04-30ssl: Fix dialyzer warningsPéter Dimitrov
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0 Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl
2019-04-30ssl: Fix missing anchor warningPéter Dimitrov
Change-Id: Iafbf60765b4635d6a50286080716c67231bb5cd9
2019-04-30ssl: Changed function specs and ssl.xmlKenneth Lundin
Changed function specs and ssl.xml for generation of documentation according to the new way. Change-Id: I17b59b80f9072c3d2c20aea1b102f1e9c86987a0 Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl
2019-03-11ssl: Fix transport transparancyIngela Anderton Andin
2019-03-04Merge branch 'essen/ssl-active-n' into maintRaimo Niskanen
* essen/ssl-active-n: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N} Conflicts: lib/ssl/src/ssl.erl
2019-02-22ssl: Enhance documentation after "use-spec-rewrite"Ingela Anderton Andin
2019-02-19ssl: Document {active,N}Loïc Hoguin
2019-02-05ssl: Use specs to generate type documentationIngela Anderton Andin
2019-01-14ssl: Add value 'save' to reuse_sessions and reuse_session client optionIngela Anderton Andin
We want to be able to save a specific session to reuse, and make sure it is reusable immediatly when the connection has been established. Add client option {reuse_session, SessionID::binary()} We also do not want clients to save sessions that it did not verify. Additionaly change behaviour of the client and server to not save sessions if reuse_session is set to false.
2018-12-12Add empty 'since' attribute for old modules and functionsSverker Eriksson
2018-12-11Add "since" attributes in xml for new functions and modulesSverker Eriksson
introduced after OTP_R13B03.
2018-08-07ssl: Fix typosIngela Anderton Andin
2018-07-09ssl: Improve error handlingIngela Anderton Andin
When doing ssl:controlling_process on a ssl socket that has not performed the TLS/DTLS handshake that call will succeed even though the documentation stated otherwise. However if some other ssl option was incorrect the call would hang. Now {error, closed} will be returned in the latter case, which is logical independent on if it should succeed or not in the former case. The former case will continue to succeed, as it is not dependent of the TLS/DTLS connection being established, and the documentation is altered slightly to not explicitly disallow it. If the TLS/DTLS connection later fails and the socket mode is active, the new controlling process will be notified as expected.
2018-07-04ssl: Add connection information on new cipher_suite formatIngela Anderton Andin
2018-06-18Merge remote-tracking branch 'origin/henrik/Update-copyright'Henrik Nord
* origin/henrik/Update-copyright: Update copyright year
2018-06-18Update copyright yearHenrik Nord
2018-06-18ssl: Document enhancementsIngela Anderton Andin
2018-06-14Merge branch 'ingela/ssl/21-enhanchment'Ingela Anderton Andin
* ingela/ssl/21-enhanchment: ssl: Add handle_continue/2 and document enhancements
2018-06-14ssl: Add handle_continue/2 and document enhancementsIngela Anderton Andin
* deprecation of ssl:ssl_accept/[1,2,3] * deprecation of ssl:cipher_suites/[0,1] * More consistent naming
2018-06-12Merge branch 'peterdmv/ssl/suite_to_str/ERL-600/OTP-15106'Péter Dimitrov
* peterdmv/ssl/suite_to_str/ERL-600/OTP-15106: ssl: Add new API function suite_to_str/1 Change-Id: Icf214ece4e1d281da12b02dadc63d4a2ca346563
2018-06-11ssl: Add new API function suite_to_str/1Péter Dimitrov
Add new API function for converting cipher suite maps to their textual representation. Change-Id: I43681930b38e0f3bdb4dfccbf9e8895aa2d6a281
2018-06-08ssl: Add option customize_hostname_checkIngela Anderton Andin
2018-04-24ssl: Add new API functionsIngela Anderton Andin
2018-03-09ssl: Remove interoperability option v2_hello_compatibleIngela Anderton Andin
2018-03-08ssl: Increase security with safer defaultIngela Anderton Andin
The interoperability option to fallback to insecure renegotiation now has to be explicitly turned on.
2018-02-07Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl lib/ssl/test/ssl_test_lib.erl
2018-02-07ssl: Make sure anonymous suites are handled separatelyIngela Anderton Andin
Preferably customized cipher suites will be based on the default value. But all may be used as base and hence it will be good to handle anonymous suites separately as they are intended for testing purposes.
2018-02-05ssl: Add new API functions for cipher suite handlingIngela Anderton Andin
2018-01-17dtls: Add DTLS handling to utility functionsIngela Anderton Andin
2017-12-13ssl: Document DTLSIngela Anderton Andin
2017-11-21ssl: Marker inserted to enable a reference from cryptoHans Nilsson
2017-11-13ssl: Fix broken link in docIngela Anderton Andin
2017-11-08ssl: Add private key configuration for crypto engineIngela Anderton Andin
2017-10-13ssl: Extend hostname check to fallback to checking IP-addressIngela Anderton Andin
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended.
2017-06-07ssl: Document DTLSIngela Anderton Andin
2017-05-06ssl: Add hostname check of server certificateIngela Anderton Andin
When the server_name_indication is sent automatize the clients check of that the hostname is present in the servers certificate. Currently server_name_indication shall be on the dns_id format. If server_name_indication is disabled it is up to the user to do its own check in the verify_fun.
2017-05-04Update copyright yearRaimo Niskanen
2017-03-21ssl: Add connection information itemsIngela Anderton Andin
Add session_id and remove undocumented ssl:session_info/1 Add client_random, server_random and master_secret, they will not be included in ssl:connection_information/1 as they may affect the connections security if used recklessly.
2017-01-17ssl: Handle really big handshake packagesIngela Anderton Andin
If a handshake message is really big it could happen that the ssl process would hang due to failing of requesting more data from the socket. This has been fixed. Also added option to limit max handshake size. It has a default value that should be big enough to handle normal usage and small enough to mitigate DoS attacks.
2016-11-02Add ECC curve selection order config in TLS serverFred Hebert
As per RFC 4492 Sec 5.1, the preferred order of selection of named curves is based on client preferences. Currently, the SSL application only picks entries according to the absolute order of entries as tracked in a hardcoded list in code. This patch changes things so that the client-specified order is preferred. It also allows a mode where the server can be configured to override the client's preferred order with its own, although the chosen ECC must still be within both lists. The configuration is done through the following options: - `eccs`, shared by clients and servers alike, allows the specification of the supported named curves, in their preferred order, and may eventually support more values for explicit primes and so on. - `honor_ecc_order`, a server-only option, is similar to `honor_cipher_order` and will, by default let the server pick the client-preferred ECC, and otherwise pick the server-preferred one. The default value for `eccs` is the same as before, although the server-chosen ECC now defaults to the client rather than previous choice. A function `ssl:eccs()` has been added that returns the highest supported ECCs for the library.
2016-10-05ssl: Adjust cipher type to conform to implementationIngela Anderton Andin
2016-06-16ssl: Fix Xmllint errorsIngela Anderton Andin
2016-06-14Merge branch 'legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530'Ingela Anderton Andin
* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530: Skip crl_hash_dir_expired test for LibreSSL Add ssl_crl_hash_dir module Function for generating OpenSSL-style name hashes Add public_key:pkix_match_dist_point Improve formatting for crl_{check,cache} options Add issuer arg to ssl_crl_cache_api lookup callback Conflicts: lib/public_key/test/public_key_SUITE.erl
2016-06-09Add ssl:getstat/1 and ssl:getstat/2Loïc Hoguin
These functions call getstat on the underlying TCP socket. The only way to do this before now was to use a hack, either by looking inside the #sslsocket{} record directly, or by not using the SSL listen/accept functions and upgrading from a TCP socket that is kept around for the purpose of calling getstat later on.
2016-06-07Merge branch 'ingela/ssl/phase-out-sslv2-hello/OTP-13465'Ingela Anderton Andin
* ingela/ssl/phase-out-sslv2-hello/OTP-13465: ssl: Add option to phase out support for sslv2 client hello
2016-06-03ssl: Add option to phase out support for sslv2 client helloIngela Anderton Andin
ssl servers can recognize sslv2 client hellos to interop with clients that support higher version of SSL/TLS but also offers sslv2 Conflicts: lib/ssl/src/tls_connection.erl