aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc
AgeCommit message (Collapse)Author
2017-12-19Merge pull request #1660 from bitnitdit/ssl_doc_duplicate_wordIngela Andin
Remove one of the duplicate word "use"
2017-12-19Remove one of the duplicate word "use"bitnitdit
2017-12-15ssl: Add engine use case to Users GuideIngela Anderton Andin
2017-12-08Update release notesErlang/OTP
2017-12-04Read in -ssl_dist_optfile to ETSRaimo Niskanen
2017-11-23fix missing document tag lost during mergeIngela Anderton Andin
2017-11-23Merge branch 'maint-18' into maintIngela Anderton Andin
2017-11-23Merge branch 'maint-19' into maintIngela Anderton Andin
2017-11-23Merge branch 'maint-20' into maintIngela Anderton Andin
* maint-20: Updated OTP version Update release notes Update version numbers public_key: verify ip (both v4 and v6) public_key: Added IP4 address checks to hostname_verification tests ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly ssl: Use ?FUNCTION_NAME ssl: Prepare for release ssl: Countermeasurements for Bleichenbacher attack Conflicts: lib/public_key/doc/src/public_key.xml lib/public_key/test/public_key_SUITE.erl lib/public_key/test/public_key_SUITE_data/pkix_verify_hostname_subjAltName_IP.pem lib/public_key/test/public_key_SUITE_data/verify_hostname_ip.conf lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_handshake.erl
2017-11-23Merge tag 'OTP-18.3.4.1.1' into maint-18Ingela Anderton Andin
=== OTP-18.3.4.1.1 === Changed Applications: - ssl-7.3.3.0.1 Unchanged Applications: - asn1-4.0.2 - common_test-1.12.1 - compiler-6.0.3 - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2.1 - cosProperty-1.2 - cosTime-1.2.1 - cosTransactions-1.3.1 - crypto-3.6.3 - debugger-4.1.2 - dialyzer-2.9 - diameter-1.11.2 - edoc-0.7.18 - eldap-1.2.1 - erl_docgen-0.4.2 - erl_interface-3.8.2 - erts-7.3.1 - et-1.5.1 - eunit-2.2.13 - gs-1.6 - hipe-3.15 - ic-4.4 - inets-6.2.4 - jinterface-1.6.1 - kernel-4.2 - megaco-3.18 - mnesia-4.13.4 - observer-2.1.2 - odbc-2.11.1 - orber-3.8.1 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - parsetools-2.1.1 - percept-0.8.11 - public_key-1.1.1 - reltool-0.7 - runtime_tools-1.9.3 - sasl-2.7 - snmp-5.2.2 - ssh-4.2.2.1 - stdlib-2.8 - syntax_tools-1.7 - test_server-3.10 - tools-2.8.3 - typer-0.9.10 - webtool-0.9.1 - wx-1.6.1 - xmerl-1.3.10 Conflicts: OTP_VERSION lib/ssl/vsn.mk otp_versions.table
2017-11-22Prepare releaseIngela Anderton Andin
2017-11-22Update release notesErlang/OTP
2017-11-22Update release notesErlang/OTP
2017-11-22Update release notesErlang/OTP
2017-11-21ssl: Marker inserted to enable a reference from cryptoHans Nilsson
2017-11-20Merge branch 'lukas/docs/xmllint_fixes/OTP-14721' into maintLukas Larsson
* lukas/docs/xmllint_fixes/OTP-14721: ssl/ssh: Remove/ignore unused XML_FILES doc files Refactor xmllint check and make it fail on failure Add toplevel xmllint make target Conflicts: lib/crypto/doc/src/Makefile
2017-11-20ssl/ssh: Remove/ignore unused XML_FILES doc filesLukas Larsson
2017-11-13ssl: Fix broken link in docIngela Anderton Andin
2017-11-09ssl: Extend hostname check to fallback to checking IP-addressIngela Anderton Andin
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended.
2017-11-08ssl: Add private key configuration for crypto engineIngela Anderton Andin
2017-10-31Refactor xmllint check and make it fail on failureLukas Larsson
This commit also adds a check to see that all files that are part of an xi:include also have part of XML_FILES and vice versa. It also fixes any applications where this was not true.
2017-10-13ssl: Extend hostname check to fallback to checking IP-addressIngela Anderton Andin
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended.
2017-10-10Merge branch 'lars/doc-cleanup/OTP-14475' into maintLars Thorsen
* lars/doc-cleanup/OTP-14475: [edoc] Remove unused module otpsgml_layout.erl Remove unused files from the documentation build
2017-09-28Remove unused files from the documentation buildLars Thorsen
2017-09-22Update release notesErlang/OTP
2017-06-21Prepare releaseErlang/OTP
2017-06-07ssl: Document DTLSIngela Anderton Andin
2017-05-31Revert "Prepare release"Hans Nilsson
This reverts commit eaf8ca41dfa4850437ad270d3897399c9358ced0.
2017-05-30Prepare releaseErlang/OTP
2017-05-12Merge branch 'maint'Hans Nilsson
Conflicts: OTP_VERSION lib/inets/vsn.mk lib/ssl/vsn.mk
2017-05-11Prepare releaseErlang/OTP
2017-05-06ssl: Add hostname check of server certificateIngela Anderton Andin
When the server_name_indication is sent automatize the clients check of that the hostname is present in the servers certificate. Currently server_name_indication shall be on the dns_id format. If server_name_indication is disabled it is up to the user to do its own check in the verify_fun.
2017-05-05Revert "Prepare release"Raimo Niskanen
This reverts commit dc57404252c47520f352834ad9be45ad684f96c9.
2017-05-04Prepare releaseErlang/OTP
2017-05-04Update copyright yearRaimo Niskanen
2017-05-03ssl: Move missing release note fix to correct placeIngela Anderton Andin
Commit 87584ae85893df917ca83cb0c40748fd4da0f3bc added missing release note but not in the correct place.
2017-05-02ssl: Add missing release noteIngela Anderton Andin
2017-04-04Merge branch 'maint'Ingela Anderton Andin
Conflicts: OTP_VERSION erts/vsn.mk lib/crypto/c_src/crypto.c lib/crypto/src/crypto.erl lib/ssh/src/ssh.erl
2017-03-31Update release notesErlang/OTP
2017-03-21ssl: Add connection information itemsIngela Anderton Andin
Add session_id and remove undocumented ssl:session_info/1 Add client_random, server_random and master_secret, they will not be included in ssl:connection_information/1 as they may affect the connections security if used recklessly.
2017-03-14Merge branch 'maint'Rickard Green
* maint: Updated OTP version Prepare release Conflicts: OTP_VERSION lib/typer/doc/src/notes.xml lib/typer/vsn.mk
2017-03-14Prepare releaseErlang/OTP
2017-03-10Update copyright yearRickard Green
2017-02-21Document ssl_session_cache_api's size/1 callbackSteven Danna
The size/1 callback was added as a non-optional callback in 42b8a29dbae1d626f32bc16dd81a129caf741138 but wasn't added to the documentation for the ssl_session_cache_api behavior. Signed-off-by: Steven Danna <[email protected]>
2017-01-17ssl: Handle really big handshake packagesIngela Anderton Andin
If a handshake message is really big it could happen that the ssl process would hang due to failing of requesting more data from the socket. This has been fixed. Also added option to limit max handshake size. It has a default value that should be big enough to handle normal usage and small enough to mitigate DoS attacks.
2016-12-09Prepare releaseErlang/OTP
2016-12-07Update copyright-yearErlang/OTP
2016-11-07Merge branch 'ferd/ssl-allow-ecc-config/PR-1210/OTP-13959' into maintIngela Anderton Andin
* ferd/ssl-allow-ecc-config/PR-1210/OTP-13959: Add ECC curve selection order config in TLS server
2016-11-02Add ECC curve selection order config in TLS serverFred Hebert
As per RFC 4492 Sec 5.1, the preferred order of selection of named curves is based on client preferences. Currently, the SSL application only picks entries according to the absolute order of entries as tracked in a hardcoded list in code. This patch changes things so that the client-specified order is preferred. It also allows a mode where the server can be configured to override the client's preferred order with its own, although the chosen ECC must still be within both lists. The configuration is done through the following options: - `eccs`, shared by clients and servers alike, allows the specification of the supported named curves, in their preferred order, and may eventually support more values for explicit primes and so on. - `honor_ecc_order`, a server-only option, is similar to `honor_cipher_order` and will, by default let the server pick the client-preferred ECC, and otherwise pick the server-preferred one. The default value for `eccs` is the same as before, although the server-chosen ECC now defaults to the client rather than previous choice. A function `ssl:eccs()` has been added that returns the highest supported ECCs for the library.
2016-10-27Correct spelling error in ssl_distribution.xmlTrevor Brown
Correct "...an exra distribution..." to "...an extra distribution...".