From eaf8ca41dfa4850437ad270d3897399c9358ced0 Mon Sep 17 00:00:00 2001
From: Erlang/OTP <otp@erlang.org>
Date: Tue, 30 May 2017 16:15:30 +0200
Subject: Prepare release

---
 lib/ssh/doc/src/notes.xml | 163 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 163 insertions(+)

(limited to 'lib/ssh/doc/src')
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index bddae00dd2..f6b6f53d33 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -30,6 +30,169 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Ssh 4.5</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    The internal handling of SSH options is re-written.</p>
+          <p>
+	    Previously there were no checks if a client option was
+	    given to a daemon or vice versa. This is corrected now.
+	    If your code has e.g. a client-only option in a call to
+	    start a daemon, the call will fail.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-12872</p>
+        </item>
+        <item>
+          <p>
+	    Modernization of key exchange algorithms. See
+	    draft-ietf-curdle-ssh-kex-sha2 for a discussion.</p>
+          <p>
+	    Removed an outdated weak algorithm and added stronger
+	    replacements to keep interoperability with other modern
+	    ssh clients and servers. The default ordering of the
+	    algorithms is also adjusted.</p>
+          <p>
+	    Retired: The nowadays unsecure key-exchange
+	    <c>diffie-hellman-group1-sha1</c> is not enabled by
+	    default, but can be enabled with the option
+	    <c>preferred-algorithms</c>.</p>
+          <p>
+	    Added: The new stronger key-exchange
+	    <c>diffie-hellman-group16-sha512</c>,
+	    <c>diffie-hellman-group18-sha512</c> and
+	    <c>diffie-hellman-group14-sha256</c> are added and
+	    enabled by default.</p>
+          <p>
+	    The questionable [RFC 6194] sha1-based algorithms
+	    <c>diffie-hellman-group-exchange-sha1</c> and
+	    <c>diffie-hellman-group14-sha1</c> are however still kept
+	    enabled by default for compatibility with ancient clients
+	    and servers that lack modern key-exchange alternatives.
+	    When the draft-ietf-curdle-ssh-kex-sha2 becomes an rfc,
+	    those sha1-based algorithms and
+	    <c>diffie-hellman-group1-sha1</c> will be deprecated by
+	    IETF. They might then be removed from the default list in
+	    Erlang/OTP.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-14110</p>
+        </item>
+        <item>
+          <p>
+	    Modernized internal representation of sftp by use of
+	    maps.</p>
+          <p>
+	    Own Id: OTP-14117</p>
+        </item>
+        <item>
+          <p>
+	    The Extension Negotiation Mechanism and the extension
+	    <c>server-sig-algs</c> in
+	    draft-ietf-curdle-ssh-ext-info-05 are implemented.</p>
+          <p>
+	    The related draft-ietf-curdle-rsa-sha2-05 is implemented
+	    and introduces the signature algorithms
+	    <c>rsa-sha2-256</c> and <c>rsa-sha2-512</c>.</p>
+          <p>
+	    Own Id: OTP-14193</p>
+        </item>
+        <item>
+          <p>
+	    The functions <c>ssh:connect</c>, <c>ssh:shell</c> and
+	    <c>ssh:start_channel</c> now accept an IP-tuple as Host
+	    destination argument.</p>
+          <p>
+	    Own Id: OTP-14243</p>
+        </item>
+        <item>
+          <p>
+	    The function <c>ssh:daemon_info/1</c> now returns Host
+	    and Profile as well as the Port info in the property
+	    list.</p>
+          <p>
+	    Own Id: OTP-14259</p>
+        </item>
+        <item>
+          <p>
+	    Removed the option <c>public_key_alg</c> which was
+	    deprecated in 18.2. Use <c>pref_public_key_algs</c>
+	    instead.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-14263</p>
+        </item>
+        <item>
+          <p>
+	    The SSH application is refactored regarding daemon
+	    starting. The resolution of contradicting <c>Host</c>
+	    argument and <c>ip</c> option were not described. There
+	    were also strange corner cases when the <c>'any'</c>
+	    value was used in <c>Host</c> argument or <c>ip</c>
+	    option. This is (hopefully) resolved now, but it may
+	    cause incompatibilities for code using both <c>Host</c>
+	    and the <c>ip</c> option. The value 'loopback' has been
+	    added for a correct way of naming those addresses.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-14264</p>
+        </item>
+        <item>
+          <p>
+	    The supervisor code is refactored. The naming of
+	    listening IP-Port-Profile triples are slightly changed to
+	    improve consistency in strange corner cases as resolved
+	    by OTP-14264</p>
+          <p>
+	    Own Id: OTP-14267 Aux Id: OTP-14266 </p>
+        </item>
+        <item>
+          <p>
+	    The <c>idle_time</c> option can now be used in daemons.</p>
+          <p>
+	    Own Id: OTP-14312</p>
+        </item>
+        <item>
+          <p>
+	    Added test cases for IETF-CURDLE Extension Negotiation
+	    (ext-info)</p>
+          <p>
+	    Own Id: OTP-14361</p>
+        </item>
+        <item>
+          <p>
+	    Testcases for IETF-CURDLE extension
+	    <c>server-sig-algs</c> including <c>rsa-sha2-*</c></p>
+          <p>
+	    Own Id: OTP-14362 Aux Id: OTP-14361 </p>
+        </item>
+        <item>
+          <p>
+	    The option <c>auth_methods</c> can now also be used in
+	    clients to select which authentication options that are
+	    used and in which order.</p>
+          <p>
+	    Own Id: OTP-14399</p>
+        </item>
+        <item>
+          <p>
+	    Checks that a ECDSA public key (<c>ecdsa-sha2-nistp*</c>)
+	    stored in a file has the correct size.</p>
+          <p>
+	    Own Id: OTP-14410</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Ssh 4.4.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
-- 
cgit v1.2.3

