From e53c55dd0ab69982bc511396ccf8655d27c6d38c Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Tue, 13 Jan 2015 15:16:20 +0100
Subject: ssl: Reenable padding check for TLS-1.0 and provide backwards
compatible disable option
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/src/ssl_record.erl
lib/ssl/src/tls_record.erl
lib/ssl/test/ssl_cipher_SUITE.erl
---
lib/ssl/doc/src/ssl.xml | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
(limited to 'lib/ssl/doc/src/ssl.xml')
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index b53344e381..39b9b70579 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -4,7 +4,7 @@
- 19992014
+ 19992015
Ericsson AB. All Rights Reserved.
@@ -348,11 +348,23 @@ fun(srp, Username :: string(), UserState :: term()) ->
+ {padding_check, boolean()}
+ -
+
This option only affects TLS-1.0 connections.
+ If set to false it disables the block cipher padding check
+ to be able to interoperate with legacy software.
+
+
+ Using this option makes TLS vulnerable to
+ the Poodle attack
+
+
+
-
+
-
-
+
+
SSL OPTION DESCRIPTIONS - CLIENT SIDE
Options described here are client specific or has a slightly different
--
cgit v1.2.3