aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src
AgeCommit message (Collapse)Author
2016-06-07Merge branch 'ingela/ssl/phase-out-sslv2-hello/OTP-13465'Ingela Anderton Andin
* ingela/ssl/phase-out-sslv2-hello/OTP-13465: ssl: Add option to phase out support for sslv2 client hello
2016-06-03ssl: Add option to phase out support for sslv2 client helloIngela Anderton Andin
ssl servers can recognize sslv2 client hellos to interop with clients that support higher version of SSL/TLS but also offers sslv2 Conflicts: lib/ssl/src/tls_connection.erl
2016-06-03Move misplaced period in ssl documentationKenneth Lakin
2016-06-02Revert "Prepare release"Erlang/OTP
This reverts commit e020f75c10410a6943cd055bfa072a2641eab7da.
2016-06-02Prepare releaseErlang/OTP
2016-06-01Merge branch 'legoscia/ssl/tls-dist-more-opts/PR-956/OTP-13429'Raimo Niskanen
* legoscia/ssl/tls-dist-more-opts/PR-956/OTP-13429: Quote curly brackets in command line options Avoid disappearing ETS tables in ssl_dist_SUITE Fix db handle for TLS distribution crl_cache opts Fix ssl_dist_SUITE logging on Windows More logging in ssl_dist_SUITE TLS distribution: crl_check and crl_cache options Allow passing verify_fun for TLS distribution More informative malformed_ssl_dist_opt error
2016-05-27Merge branch 'ingela/ssl/doc-enhancment/ERL-131'Ingela Anderton Andin
* ingela/ssl/doc-enhancment/ERL-131: ssl: Add default values and clarifications
2016-05-27ssl: Add default values and clarificationsIngela Anderton Andin
2016-05-26ssl: Add BEAST mitigation selection optionKenneth Lakin
Some legacy TLS 1.0 software does not tolerate the 1/n-1 content split BEAST mitigation technique. This commit adds a beast_mitigation SSL option (defaulting to one_n_minus_one) to select or disable the BEAST mitigation technique. Valid option values are (one_n_minus_one | zero_n | disabled).
2016-05-12Revert "Prepare release"Erlang/OTP
This reverts commit bd64ad8e15d66e48b36dbe3584315dd5cfc8b59a.
2016-05-11Prepare releaseErlang/OTP
2016-05-04Merge branch 'maint-18'Henrik Nord
Conflicts: OTP_VERSION lib/common_test/test/ct_hooks_SUITE_data/cth/tests/ct_update_config_SUITE.erl lib/common_test/vsn.mk
2016-05-03Prepare releaseErlang/OTP
2016-04-27Merge branch 'maint-18'Henrik Nord
Conflicts: OTP_VERSION lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl_cipher.erl lib/ssl/src/tls_v1.erl lib/ssl/test/ssl_basic_SUITE.erl
2016-04-26Update release notesErlang/OTP
2016-04-13Merge branch 'henrik/update-copyrightyear'Henrik Nord
* henrik/update-copyrightyear: update copyright-year
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-04-06ssl: Remove default support for use of md5 in TLS 1.2 signature algorithmsIngela Anderton Andin
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-03-23Fix transportoption, ssloption, ssloptions types names in the documentationdef_null
2016-03-17TLS distribution: crl_check and crl_cache optionsMagnus Henoch
Allow specifying the crl_check and crl_cache options for TLS distribution connections.
2016-03-17Allow passing verify_fun for TLS distributionMagnus Henoch
Accept a value of the form {Module, Function, State} from the command line. This is different from the {Fun, State} that ssl:connect etc expect, since there's no clean way to parse a fun from a command line argument.
2016-03-15update copyright-yearHenrik Nord
2016-03-15Merge tag 'OTP-18.3'Lars Thorsen
=== OTP-18.3 === Changed Applications: - asn1-4.0.2 - common_test-1.12 - compiler-6.0.3 - cosNotification-1.2.1 - cosTime-1.2.1 - cosTransactions-1.3.1 - crypto-3.6.3 - debugger-4.1.2 - dialyzer-2.9 - diameter-1.11.2 - edoc-0.7.18 - eldap-1.2.1 - erl_docgen-0.4.2 - erl_interface-3.8.2 - erts-7.3 - eunit-2.2.13 - hipe-3.15 - inets-6.2 - kernel-4.2 - mnesia-4.13.3 - observer-2.1.2 - orber-3.8.1 - public_key-1.1.1 - runtime_tools-1.9.3 - sasl-2.7 - snmp-5.2.2 - ssh-4.2.2 - ssl-7.3 - stdlib-2.8 - test_server-3.10 - tools-2.8.3 - webtool-0.9.1 - wx-1.6.1 - xmerl-1.3.10 Unchanged Applications: - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosProperty-1.2 - et-1.5.1 - gs-1.6 - ic-4.4 - jinterface-1.6.1 - megaco-3.18 - odbc-2.11.1 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - parsetools-2.1.1 - percept-0.8.11 - reltool-0.7 - syntax_tools-1.7 - typer-0.9.10 Conflicts: OTP_VERSION erts/vsn.mk lib/test_server/doc/src/notes.xml lib/test_server/vsn.mk lib/webtool/doc/src/notes.xml lib/webtool/vsn.mk
2016-03-14Prepare releaseErlang/OTP
2016-03-02Merge branch 'maint'Henrik Nord
2016-03-02Merge branch 'legoscia/tls_ipv6_dist' into maintHenrik Nord
* legoscia/tls_ipv6_dist: Add inet6_tls_dist, for TLS distribution over IPv6 Conflicts: lib/ssl/src/ssl_tls_dist_proxy.erl OTP-13391
2016-02-25Merge branch 'maint'Henrik Nord
2016-02-25Merge branch 'legoscia/critical-extension-verify-none' into maintHenrik Nord
* legoscia/critical-extension-verify-none: ssl: with verify_none, accept critical extensions OTP-13377
2016-02-22Merge branch 'maint'Ingela Anderton Andin
2016-02-22ssl: Include options form connect/listen/accept in connection_information/[1,2]Ingela Anderton Andin
Make sure that options only relevant for one role (client|server) is set to undefined when the other role is invoked. As there are many options to ssl, and many are optional, we choose to filter out all undefined options to avoid overwhelming the user with not relevant information. This way there is no need for any special handling of the role specific options which is also nice.
2016-02-19Merge branch 'ia/ssl/remove-default-DES/OTP-13195'Ingela Anderton Andin
* ia/ssl/remove-default-DES/OTP-13195: ssl: Remove DES ciphers from default configuration
2016-02-18ssl: Remove DES ciphers from default configurationIngela Anderton Andin
DES is not considered secure. Also correct 'Server Name Indication' support description.
2016-02-18Merge branch 'legoscia/ssl-doc-typos' into maintHenrik Nord
* legoscia/ssl-doc-typos: Fix typos in ssl.xml OTP-13339
2016-02-18Fix typos in ssl.xmlMagnus Henoch
2016-02-17ssl: with verify_none, accept critical extensionsMagnus Henoch
When establishing a TLS connection with {verify, verify_none}, if the server has a certificate with a critical extension, for example a "Netscape Cert Type" extension, certificate verification would fail, which is surprising given that the name of the option suggests that no verification would be performed. With this change, certificate extensions marked as critical are ignored when using verify_none.
2016-02-02Add inet6_tls_dist, for TLS distribution over IPv6Magnus Henoch
Generalise much of inet_tls_dist, so that inet6_tls_dist can reuse it.
2015-12-15Update release notesErlang/OTP
2015-12-11[ssl] Moved description details to man(6) pageLars Thorsen
2015-12-11[ssl] Correct the documentation so it follows the DTDLars Thorsen
2015-12-07Merge branch 'ia/ssl/max-sessions/OTP-12392' into maintIngela Anderton Andin
* ia/ssl/max-sessions/OTP-12392: ssl: Fix documentation mistakes ssl: Add upper limit for session cache ssl: Measure elapsed time with erlang:monotonic_time
2015-12-07ssl: Fix documentation mistakesIngela Anderton Andin
2015-12-04Merge branch 'maint-17' into maintHenrik Nord
Conflicts: OTP_VERSION erts/doc/src/notes.xml erts/vsn.mk lib/kernel/doc/src/notes.xml lib/kernel/src/kernel.appup.src lib/kernel/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/src/ssl.appup.src lib/ssl/src/ssl_cipher.erl lib/ssl/vsn.mk otp_versions.table
2015-12-03ssl: Add upper limit for session cacheIngela Anderton Andin
If upper limit is reached invalidate the current cache entries, e.i the session lifetime is the max time a session will be keept, but it may be invalidated earlier if the max limit for the table is reached. This will keep the ssl manager process well behaved, not exhusting memeory. Invalidating the entries will incrementally empty the cache to make room for fresh sessions entries.
2015-12-03Prepare releaseErlang/OTP
2015-12-01Fix typos in ssl.xmlMagnus Henoch
2015-09-21Prepare releaseErlang/OTP
2015-09-16ssl: Improve shutdown logicIngela Anderton Andin
Add possibility to downgrade an SSL/TLS connection to a tcp connection, and give back the socket control to a user process. Add application setting to be able to change fatal alert shutdown timeout, also shorten the default timeout. The fatal alert timeout is the number of milliseconds between sending of a fatal alert and closing the connection. Waiting a little while improves the peers chances to properly receiving the alert so it may shutdown gracefully.
2015-08-19ssl: Remove duplicate documentationIngela Anderton Andin
Correct merge that went wrong.
2015-06-25Fix formatting of depth optionEric Meadows-Jönsson