aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src
AgeCommit message (Collapse)Author
2015-06-10Merge branch 'ferd/deny-client-renegotiation'Henrik Nord
* ferd/deny-client-renegotiation: Add disable client-initiated renegotiation option Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl OTP-12815
2015-06-03Add disable client-initiated renegotiation optionFred Hebert
Client-initiated renegotiation is more costly for the server than the client, and this feature can be abused in denial of service attempts. Although the ssl application already takes counter-measure for these (via cooldown periods between renegotiations), it can be useful to disable the feature entirely. This patch adds the `{client_renegotiation, boolean()}' option to the server-side of the SSL application (defaulting to `true' to be compatible with the current behaviour). The option disables the ability to do any renegotiation at all in the protocol's state, reusing the existing denial code, but without opening the code path that sets up a timed message to eventually reopen it up.
2015-06-02Merge branch 'maint'Henrik Nord
Conflicts: OTP_VERSION lib/inets/test/httpd_SUITE.erl lib/inets/vsn.mk lib/ssh/src/ssh.erl lib/ssh/vsn.mk lib/ssl/src/ssl.appup.src lib/ssl/vsn.mk
2015-06-01Update release notesErlang/OTP
2015-05-13ssl: Align "=" sign in type declarations to decided policyIngela Anderton Andin
2015-05-13Revert "Prepare release"Henrik Nord
This reverts commit e09dd66dc4d89c62ddfd8c19791f9678d5d787c6.
2015-05-12Prepare releaseErlang/OTP
2015-05-12ssl: add option sni_funQijiang Fan
The newly added function sni_fun allows dynamic update of SSL options like keys and certificates depending on different SNI hostname, rather than a predefined rules of SSL options.
2015-05-12ssl: docs: SNI server, connection_information/1,2Qijiang Fan
2015-05-11ssl: Align "=" sign in type declarations to decided policyIngela Anderton Andin
2015-05-11public_key, ssl: Align public_key and ssl docIngela Anderton Andin
Make sure that links from ssl to public_key work. OTP-12670 - Ignoring 1.2 extension in 1.0 or TLS-1.1 solved by 5edda23ee854038c9d4bcddd0d676ee0ffd20da5 is mentioned here to make the release scripts happy, as the branch solving this accidently had a name ending 1267 instead of 12670
2015-05-04ssl: Add missing tagIngela Anderton Andin
2015-04-30ssl: Put back markerIngela Anderton Andin
2015-04-30ssl: Fix linksIngela Anderton Andin
2015-04-30ssl: Align with application naming rulesIngela Anderton Andin
ssl SSL crypto Crypto stdlib STDLIB kernel Kernel public_key Public Key
2015-04-30ssl: Keep information in one place onlyIngela Anderton Andin
2015-04-30ssl: Correct makefileIngela Anderton Andin
2015-04-09ssl: Document enhancementsIngela Anderton Andin
2015-04-09ssl: Align with alphabetical orderIngela Anderton Andin
2015-04-09ssl: Align with editorial changesIngela Anderton Andin
2015-04-09ssl: Correct merge errorIngela Anderton Andin
2015-04-09ssl: Add linksIngela Anderton Andin
2015-04-09ssl: Correct typosIngela Anderton Andin
2015-04-09ssl: Correct XML-tagIngela Anderton Andin
2015-04-09ssl: Technically clarify descriptionIngela Anderton Andin
Change description proposed by technical writer to make better use of technical terms. Also add some new language improvments discussed with the technical writer.
2015-04-09ssl: Editorial updatesxsipewe
2015-04-01Merge tag 'OTP-17.5'Henrik Nord
=== OTP-17.5 === Changed Applications: - asn1-3.0.4 - common_test-1.10 - compiler-5.0.4 - crypto-3.5 - debugger-4.0.3 - dialyzer-2.7.4 - diameter-1.9 - eldap-1.1.1 - erts-6.4 - hipe-3.11.3 - inets-5.10.6 - kernel-3.2 - mnesia-4.12.5 - observer-2.0.4 - os_mon-2.3.1 - public_key-0.23 - runtime_tools-1.8.16 - ssh-3.2 - ssl-6.0 - stdlib-2.4 - syntax_tools-1.6.18 - test_server-3.8 - tools-2.7.2 - wx-1.3.3 Unchanged Applications: - cosEvent-2.1.15 - cosEventDomain-1.1.14 - cosFileTransfer-1.1.16 - cosNotification-1.1.21 - cosProperty-1.1.17 - cosTime-1.1.14 - cosTransactions-1.2.14 - edoc-0.7.16 - erl_docgen-0.3.7 - erl_interface-3.7.20 - et-1.5 - eunit-2.2.9 - gs-1.5.16 - ic-4.3.6 - jinterface-1.5.12 - megaco-3.17.3 - odbc-2.10.22 - orber-3.7.1 - ose-1.0.2 - otp_mibs-1.0.10 - parsetools-2.0.12 - percept-0.8.10 - reltool-0.6.6 - sasl-2.4.1 - snmp-5.1.1 - typer-0.9.8 - webtool-0.8.10 - xmerl-1.3.7 Conflicts: OTP_VERSION erts/vsn.mk lib/ssl/vsn.mk
2015-03-31Prepare releaseErlang/OTP
2015-03-19Merge branch 'essen/ssl-alpn'Zandra Hird
* essen/ssl-alpn: ssl: Add TLS-ALPN support OTP-12580
2015-03-17ssl: Add TLS-ALPN supportLoïc Hoguin
This commit adds support for RFC7301, application-layer protocol negotiation. ALPN is the standard based approach to the NPN extension, and is required for HTTP/2. ALPN lives side by side with NPN and provides an equivalent feature but in this case it is the server that decides what protocol to use, not the client. When both ALPN and NPN are sent by a client, and the server is configured with both ALPN and NPN options, ALPN will always take precedence. This behavior can also be found in the OpenSSL implementation of ALPN. ALPN and NPN share the ssl:negotiated_protocol/1 function for retrieving the negotiated protocol. The previously existing function ssl:negotiated_next_protocol/1 still exists, but has been deprecated and removed from the documentation. The tests against OpenSSL require OpenSSL version 1.0.2+.
2015-03-17ssl: Improve documentationIngela Anderton Andin
2015-03-09ssl: Integrate public_key CRL verification with the ssl applicationIngela Anderton Andin
2015-03-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl
2015-03-02ssl: Implement support for TLS_FALLBACK_SCSVIngela Anderton Andin
2015-02-06Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl_app.xml lib/ssl/src/ssl_manager.erl
2015-02-06ssl: Improve PEM cache by validating entriesIngela Anderton Andin
The PEM cache is now validated by a background process, instead of always keeping it if it is small enough and clearing it otherwhiss. That strategy required that small caches where cleared by API function if a file changes on disk. However document the clearing API function as it can still be usefull.
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option
2015-01-23ssl: Remove sslv3 from the default supported protocol versionsIngela Anderton Andin
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl
2014-12-10Merge tag 'OTP-17.4'Marcus Arendt
=== OTP-17.4 === Changed Applications: - asn1-3.0.3 - common_test-1.9 - compiler-5.0.3 - crypto-3.4.2 - debugger-4.0.2 - dialyzer-2.7.3 - diameter-1.8 - edoc-0.7.16 - eldap-1.1 - erl_docgen-0.3.7 - erl_interface-3.7.20 - erts-6.3 - eunit-2.2.9 - hipe-3.11.2 - inets-5.10.4 - jinterface-1.5.12 - kernel-3.1 - megaco-3.17.3 - mnesia-4.12.4 - observer-2.0.3 - odbc-2.10.22 - otp_mibs-1.0.10 - parsetools-2.0.12 - percept-0.8.10 - runtime_tools-1.8.15 - snmp-5.1.1 - ssh-3.1 - ssl-5.3.8 - stdlib-2.3 - syntax_tools-1.6.17 - test_server-3.7.2 - tools-2.7.1 - wx-1.3.2 Unchanged Applications: - cosEvent-2.1.15 - cosEventDomain-1.1.14 - cosFileTransfer-1.1.16 - cosNotification-1.1.21 - cosProperty-1.1.17 - cosTime-1.1.14 - cosTransactions-1.2.14 - et-1.5 - gs-1.5.16 - ic-4.3.6 - orber-3.7.1 - os_mon-2.3 - ose-1.0.2 - public_key-0.22.1 - reltool-0.6.6 - sasl-2.4.1 - typer-0.9.8 - webtool-0.8.10 - xmerl-1.3.7 Conflicts: OTP_VERSION erts/vsn.mk
2014-12-09Prepare releaseErlang/OTP
2014-10-15Merge branch 'maint'Hans Nilsson
2014-10-15Merge branch 'maint-17' into maintBruce Yinhe
Conflicts: OTP_VERSION
2014-10-13Merge branch 'ia/ssl/seperate-clinet-server-session-table/OTP-11365'Ingela Anderton Andin
* ia/ssl/seperate-clinet-server-session-table/OTP-11365: ssl: Separate session cache for client and server
2014-10-13ssl: Separate session cache for client and serverIngela Anderton Andin
Even though in the most common case an erlang node will not be both client and server, it may happen (for instance when running the erlang ditribution over TLS). Also try to mitigate the affect of dumb clients that could cause a very lagre session cache on the client side that can cause long delays in the client. The server will have other means to handle a large session table and will not do any select operations on it anyhow.
2014-10-13Update release notesErlang/OTP
2014-10-06Merge branch 'maint'Ingela Anderton Andin
2014-10-03ssl: Fix link error in documentationIngela Anderton Andin
2014-09-17Merge tag 'OTP-17.3'Henrik Nord
=== OTP-17.3 === Changed Applications: - asn1-3.0.2 - common_test-1.8.2 - compiler-5.0.2 - crypto-3.4.1 - dialyzer-2.7.2 - diameter-1.7.1 - edoc-0.7.15 - erl_docgen-0.3.6 - erl_interface-3.7.18 - erts-6.2 - eunit-2.2.8 - hipe-3.11.1 - ic-4.3.6 - inets-5.10.3 - jinterface-1.5.10 - kernel-3.0.3 - megaco-3.17.2 - mnesia-4.12.3 - observer-2.0.2 - odbc-2.10.21 - os_mon-2.3 - ose-1.0.1 - public_key-0.22.1 - sasl-2.4.1 - snmp-5.1 - ssh-3.0.5 - ssl-5.3.6 - stdlib-2.2 - tools-2.7 - wx-1.3.1 Unchanged Applications: - cosEvent-2.1.15 - cosEventDomain-1.1.14 - cosFileTransfer-1.1.16 - cosNotification-1.1.21 - cosProperty-1.1.17 - cosTime-1.1.14 - cosTransactions-1.2.14 - debugger-4.0.1 - eldap-1.0.3 - et-1.5 - gs-1.5.16 - orber-3.7 - otp_mibs-1.0.9 - parsetools-2.0.11 - percept-0.8.9 - reltool-0.6.6 - runtime_tools-1.8.14 - syntax_tools-1.6.16 - test_server-3.7.1 - typer-0.9.8 - webtool-0.8.10 - xmerl-1.3.7 Conflicts: OTP_VERSION erts/vsn.mk
2014-09-15Update release notesErlang/OTP