aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc
AgeCommit message (Collapse)Author
2015-06-01Update release notesErlang/OTP
2015-03-31Prepare releaseErlang/OTP
2015-03-02ssl: Implement support for TLS_FALLBACK_SCSVIngela Anderton Andin
2015-02-06ssl: Improve PEM cache by validating entriesIngela Anderton Andin
The PEM cache is now validated by a background process, instead of always keeping it if it is small enough and clearing it otherwhiss. That strategy required that small caches where cleared by API function if a file changes on disk. However document the clearing API function as it can still be usefull.
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl
2014-12-09Prepare releaseErlang/OTP
2014-10-15Merge branch 'maint-17' into maintBruce Yinhe
Conflicts: OTP_VERSION
2014-10-13Update release notesErlang/OTP
2014-10-03ssl: Fix link error in documentationIngela Anderton Andin
2014-09-15Update release notesErlang/OTP
2014-09-09ssl, public_key: Add new option partial_chainIngela Anderton Andin
Check that the certificate chain ends with a trusted ROOT CA e.i. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediat CA as trusted. TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal." and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors."
2014-08-25Fix misspellings of 'another'Tuncer Ayaz
2014-06-19Prepare releaseErlang/OTP
2014-04-07Update release notesErlang/OTP
2014-03-31ssl: Add possibility to specify ssl options when calling ssl:ssl_acceptIngela Anderton Andin
2014-03-03ssl: Improved documentation of the cacertfile optionIngela Anderton Andin
2014-01-28Merge branch 'ia/Vagabond/adt-honor-cipher-order/OTP-11621'Ingela Anderton Andin
* ia/Vagabond/adt-honor-cipher-order/OTP-11621: Implement 'honor_cipher_order' SSL server-side option
2014-01-24Merge tag 'OTP_R16B03-1'Magnus Lidén
The R16B03-1 release
2014-01-24Prepare releaseOTP_R16B03-1Erlang/OTP
2014-01-21Implement 'honor_cipher_order' SSL server-side optionAndrew Thompson
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatability with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz.
2013-12-10Merge tag 'OTP_R16B03'Magnus Lidén
The R16B03 release Conflicts: lib/sasl/vsn.mk
2013-12-09Prepare releaseOTP_R16B03Erlang/OTP
2013-11-20Merge branch 'maint'Hans Nilsson
2013-11-19ftp,ssl: Fixes broken type link (ssloption).Hans Nilsson
2013-11-11Merge branch 'maint'Fredrik Gustafsson
2013-11-06Update documentationJulien Barbot
2013-11-06Add a new server_name_indication option to ssl:connectJulien Barbot
- Set to disable to explicitly disable SNI support. - Set to a hostname when upgrading from TCP to TLS.
2013-11-06Add SSL Server Name Indication (SNI) client supportJulien Barbot
See RFC 6066 section 3
2013-11-04Merge branch 'maint'Fredrik Gustafsson
2013-11-01Fix client_preferred_next_protocols documentationJulien Barbot
2013-09-17Merge tag 'OTP_R16B02'Magnus Lidén
The R16B02 release Conflicts: lib/sasl/vsn.mk
2013-09-16Prepare releaseOTP_R16B02Erlang/OTP
2013-08-28Merge branch 'maint'Fredrik Gustafsson
2013-08-27ssl: documentation regarding log_alertFredrik Gustafsson
2013-08-23Merge branch 'maint'Fredrik Gustafsson
2013-08-23Merge branch 'maint-r15' into maint-r16Fredrik Gustafsson
Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/http_lib/http_transport.erl lib/inets/src/inets_app/inets.appup.src lib/inets/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/src/ssl.appup.src lib/ssl/src/ssl.erl lib/ssl/src/ssl_internal.hrl lib/ssl/src/tls_connection.erl lib/ssl/vsn.mk
2013-08-21Update release notesErlang/OTP
2013-06-18Merge tag 'OTP_R16B01'Björn-Egil Dahlberg
The R16B01 release Conflicts: lib/sasl/vsn.mk
2013-06-17Prepare releaseOTP_R16B01Erlang/OTP
2013-05-08Merge remote-tracking branch 'upstream/maint'Ingela Anderton Andin
Conflicts: lib/crypto/doc/src/crypto_app.xml
2013-05-08crypto: Deprecate functions, update doc and specsIngela Anderton Andin
2013-05-08SSL: add Elliptic Curve support for ssl appAndreas Schultz
2013-04-19Convert XML files to UTF-8Hans Bolinder
2013-04-05ssl & crypto: Documentation enhancementsIngela Anderton Andin
OTP-10450
2013-04-03ssl: Add option to list all available ciper suites and enhanced documentationIngela Anderton Andin
2013-03-28SSL: add documentation for PSK and SRP ciphers optionsAndreas Schultz
2013-03-17Fix SSL Next Protocol Negotiation documentationJulien Barbot
Fix inconsistencies Fix typos Fix data types definition
2013-02-25Prepare releaseOTP_R16BErlang/OTP
2013-02-22ssl: Add missing option and linksIngela Anderton Andin
2013-02-12ssl: Generalize cb_info optionIngela Anderton Andin