From 72f5a4a6174338c011e5c3b73b0ad11ca296b5af Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 19 Dec 2012 16:16:46 +0100 Subject: ssl: Make TLS-1.2 default version --- lib/ssl/doc/src/ssl.xml | 4 ++-- lib/ssl/doc/src/ssl_app.xml | 14 ++++++++++++-- lib/ssl/doc/src/ssl_protocol.xml | 7 +++---- lib/ssl/src/ssl_internal.hrl | 2 +- lib/ssl/src/ssl_record.erl | 5 ++--- 5 files changed, 20 insertions(+), 12 deletions(-) diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index f0eac76264..e45a4c774f 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -36,8 +36,8 @@ ssl requires the crypto and public_key applications. - Supported SSL/TLS-versions are SSL-3.0 and TLS-1.0, experimental - support for TLS-1.1 and TLS-1.2 is also available (no support for elliptic curve cipher suites yet). + Supported SSL/TLS-versions are SSL-3.0, TLS-1.0, + TLS-1.1 and TLS-1.2 (no support for elliptic curve cipher suites yet). For security reasons sslv2 is not supported. Ephemeral Diffie-Hellman cipher suites are supported but not Diffie Hellman Certificates cipher suites. diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml index 2ba6f48611..178bbcaebb 100644 --- a/lib/ssl/doc/src/ssl_app.xml +++ b/lib/ssl/doc/src/ssl_app.xml @@ -1,4 +1,4 @@ - + @@ -29,7 +29,17 @@ sockets.
- Environment + DEPENDENCIES +

The ssl application uses the Erlang applications public_key and + crypto to handle public keys and encryption, hence these + applications needs to be loaded for the ssl application to work. In + an embedded environment that means they need to be started with + application:start/[1,2] before the ssl application is started. +

+
+ +
+ ENVIRONMENT

The following application environment configuration parameters are defined for the SSL application. Refer to application(3) for more information about configuration parameters. diff --git a/lib/ssl/doc/src/ssl_protocol.xml b/lib/ssl/doc/src/ssl_protocol.xml index 17268a634d..f540dc999b 100644 --- a/lib/ssl/doc/src/ssl_protocol.xml +++ b/lib/ssl/doc/src/ssl_protocol.xml @@ -4,7 +4,7 @@

- 20032011 + 20032012 Ericsson AB. All Rights Reserved. @@ -25,9 +25,8 @@ ssl_protocol.xml
-

The erlang SSL application currently supports SSL 3.0 and TLS 1.0 - RFC 2246, and will in the future also support later versions of TLS. - SSL 2.0 is not supported. +

The erlang SSL application currently implements the protocol SSL/TLS + for currently supported versions see ssl(3)

By default erlang SSL is run over the TCP/IP protocol even diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl index a5db2dcee7..ed0dc34adf 100644 --- a/lib/ssl/src/ssl_internal.hrl +++ b/lib/ssl/src/ssl_internal.hrl @@ -69,8 +69,8 @@ -define(TRUE, 0). -define(FALSE, 1). --define(DEFAULT_SUPPORTED_VERSIONS, [tlsv1, sslv3]). %% Add 'tlsv1.1' in R16 -define(ALL_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]). +-define(MIN_SUPPORTED_VERSIONS, ['tlsv1.1', tlsv1, sslv3]). -record(ssl_options, { versions, % 'tlsv1.2' | 'tlsv1.1' | tlsv1 | sslv3 diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl index 8e93ce4634..173b9611c6 100644 --- a/lib/ssl/src/ssl_record.erl +++ b/lib/ssl/src/ssl_record.erl @@ -463,10 +463,9 @@ supported_protocol_versions() -> supported_protocol_versions([]) -> Vsns = case sufficient_tlsv1_2_crypto_support() of true -> - %%?ALL_SUPPORTED_VERSIONS; %% Add TlS-1.2 as default in R16 - ?DEFAULT_SUPPORTED_VERSIONS; + ?ALL_SUPPORTED_VERSIONS; false -> - ?DEFAULT_SUPPORTED_VERSIONS + ?MIN_SUPPORTED_VERSIONS end, application:set_env(ssl, protocol_version, Vsns), Vsns; -- cgit v1.2.3
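Review bot: Both default lists in the `ssl_internal.hrl` hunk still carry `sslv3`, and the new `MIN_SUPPORTED_VERSIONS` macro has no comment saying when it applies. The name reads like a minimum-version floor, but in `ssl_record.erl` it is the list chosen when `sufficient_tlsv1_2_crypto_support()` returns false, so a comment such as `%% Offered when crypto cannot support TLS-1.2; see ssl_record:supported_protocol_versions/0` would prevent misreading. Because SSL-3.0 stays in the default set, a peer offering only that version is still accepted unless the deployment sets `versions` (or the `protocol_version` application parameter) explicitly; that is worth stating next to the macro. Whether the removed `DEFAULT_SUPPORTED_VERSIONS` is still referenced in files outside this diff cannot be checked from here.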
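Review bot: The `false ->` branch in `supported_protocol_versions([])` drops TLS-1.2 without any diagnostic, and the chosen list is then stored with `application:set_env(ssl, protocol_version, Vsns)`. A node whose crypto lacks the needed support therefore stays at TLS-1.1 and below with nothing in the logs to show it. A one-line report in that branch, for example `error_logger:info_report([{ssl, tls_1_2_disabled}, {reason, insufficient_crypto_support}])`, would make the reduced protocol set visible to operators. The stored value presumably short-circuits later calls, so the check may not be repeated if crypto support changes at runtime; that depends on clauses outside this hunk, since the function starts before it and continues after `Vsns;`.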