From 4d658008be5a08ddadbe75ebadb9ef124436b76e Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 14 Mar 2017 15:59:23 +0100 Subject: Prepare release --- lib/ssl/doc/src/notes.xml | 64 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) (limited to 'lib/ssl/doc/src/notes.xml') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 29b8e8ff67..d3ab3e9216 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -28,6 +28,70 @@

This document describes the changes made to the SSL application.

+
SSL 8.1.1 + +
Fixed Bugs and Malfunctions + + +

+ Corrected termination behavior, that caused a PEM cache + bug and sometimes resulted in connection failures.

+

+ Own Id: OTP-14100

+ + +

+ Fix bug that could hang ssl connection processes when + failing to require more data for very large handshake + packages. Add option max_handshake_size to mitigate DoS + attacks.

+

+ Own Id: OTP-14138

+ + +

+ Improved support for CRL handling that could fail to work + as intended when an id-ce-extKeyUsage was present in the + certificate. Also improvements where needed to + distributionpoint handling so that all revocations + actually are found and not deemed to be not determinable.

+

+ Own Id: OTP-14141

+ + +

+ A TLS handshake might accidentally match old sslv2 format + and ssl application would incorrectly aborted TLS + handshake with ssl_v2_client_hello_no_supported. Parsing + was altered to avoid this problem.

+

+ Own Id: OTP-14222

+ + +

+ Correct default cipher list to prefer AES 128 before 3DES

+

+ Own Id: OTP-14235

+ + +
+ + +
Improvements and New Features + + +

+ Move PEM cache to a dedicated process, to avoid making + the SSL manager process a bottleneck. This improves + scalability of TLS connections.

+

+ Own Id: OTP-13874

+ + +
+ +
+
SSL 8.1
Fixed Bugs and Malfunctions -- cgit v1.2.3