From 84adefa331c4159d432d22840663c38f155cd4c1 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Fri, 20 Nov 2009 14:54:40 +0000 Subject: The R13B03 release. --- lib/ssl/doc/src/ssl_app.xml | 182 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 182 insertions(+) create mode 100644 lib/ssl/doc/src/ssl_app.xml (limited to 'lib/ssl/doc/src/ssl_app.xml') diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml new file mode 100644 index 0000000000..ae8bd87781 --- /dev/null +++ b/lib/ssl/doc/src/ssl_app.xml @@ -0,0 +1,182 @@ + + + + +
+ + 19992009 + Ericsson AB. All Rights Reserved. + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + + + ssl + Peter Högfeldt + Peter Högfeldt + + Peter Högfeldt + Peter Högfeldt + 2005-03-10 + E + ssl_app.sgml +
+ ssl + The SSL Application + +

The Secure Socket Layer (SSL) application provides secure + socket communication over TCP/IP. +

+ + +
+ Warning +

In previous versions of Erlang/OTP SSL it was advised, as a + work-around, to set the operating system environment variable + SSL_CERT_FILE to point at a file containing CA + certificates. That variable is no longer needed, and is not + recognised by Erlang/OTP SSL any more. +

+

However, the OpenSSL package does interpret that environment + variable. Hence a setting of that variable might have + unpredictable effects on the Erlang/OTP SSL application. It is + therefore adviced to not used that environment variable at all.

+
+ +
+ Environment +

The following application environment configuration parameters + are defined for the SSL application. Refer to application(3) for + more information about configuration parameters. +

+

Note that the environment parameters can be set on the command line, + for instance,

+

erl ... -ssl protocol_version '[sslv2,sslv3]' .... +

+ + ]]> + +

Enables all SSL servers (those that listen and accept) + to use ephemeral RSA key generation when a clients connect with + weak handshake cipher specifications, that need equally weak + ciphers from the server (i.e. obsolete restrictions on export + ciphers). Default is false. +

+ + ]]> + +

Causes debug information to be written to standard + output. Default is false. +

+ + ]]> + +

Causes debug information output controlled by debug + and msgdebug to be printed to a file named + .log]]> in the directory specified by + debugdir, where ]]> is the operating system + specific textual representation of the process identifier + of the external port program of the SSL application. Default + is false, i.e. no log file is produced. +

+ + ]]> + +

Sets debug = true and causes also the contents + of low level messages to be printed to standard output. + Default is false. +

+ + ]]> + +

Name of port program. The default is ssl_esock. +

+ + ]]>. + +

Name of protocols to use. If this option is not set, + all protocols are assumed, i.e. the default value is + [sslv2, sslv3, tlsv1]. +

+ + ]]> + +

Define the port number of the listen port of the + SSL port program. Almost never is this option needed. +

+ + ]]> + +

Set the listen queue size of the listen port of the + SSL port program. The default is 128. +

+ + +
+ +
+ OpenSSL libraries +

The current implementation of the Erlang SSL application is + based on the OpenSSL package version 0.9.7 or higher. + There are source and binary releases on the web. +

+

Source releases of OpenSSL can be downloaded from the OpenSSL project home page, + or mirror sites listed there. +

+

The same URL also contains links to some compiled binaries and + libraries of OpenSSL (see the Related/Binaries menu) of + which the Shining Light Productions Win32 and OpenSSL pages are of + interest for the Win32 user. +

+

For some Unix flavours there are binary packages available + on the net. +

+

If you cannot find a suitable binary OpenSSL package, you + have to fetch an OpenSSL source release and compile it. +

+

You then have to compile and install the libraries + libcrypto.so and libssl.so (Unix), or the + libraries libeay32.dll and ssleay32.dll (Win32). +

+

For Unix The ssl_esock port program is delivered linked + to OpenSSL libraries in /usr/local/lib, but the default + dynamic linking will also accept libraries in /lib and + /usr/lib. +

+

If that is not applicable to the particular Unix operating + system used, the example Makefile in the SSL + priv/obj directory, should be used as a guide to + relinking the final version of the port program. +

+

For Win32 it is only required that the libraries can be + found from the PATH environment variable, or that they + reside in the appropriate SYSTEM32 directory; hence no + particular relinking is need. Hence no example Makefile + for Win32 is provided.

+
+ +
+ Restrictions +

Users must be aware of export restrictions and patent rights + concerning cryptographic software. +

+
+ +
+ SEE ALSO +

application(3)

+
+ + + + -- cgit v1.2.3