From 561e871d680a081d531ff205b8331eacca1d7a3c Mon Sep 17 00:00:00 2001 From: Henrik Date: Wed, 2 May 2018 09:19:05 +0200 Subject: Revert "Update release notes" This reverts commit 202bb737e3deabfebee683266f4b7c42781eb521. --- lib/ssl/doc/src/notes.xml | 102 ---------------------------------------------- 1 file changed, 102 deletions(-) (limited to 'lib/ssl/doc/src') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index c45d806420..4ad7da9486 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -27,108 +27,6 @@

This document describes the changes made to the SSL application.

-
SSL 9.0 - -
Fixed Bugs and Malfunctions - - -

- Proper handling of clients that choose to send an empty - answer to a certificate request

-

- Own Id: OTP-15050

-
-
-
- - -
Improvements and New Features - - -

- Distribution over SSL (inet_tls) has, to improve - performance, been rewritten to not use intermediate - processes and ports.

-

- Own Id: OTP-14465

-
- -

- Add suport for ECDHE_PSK cipher suites

-

- Own Id: OTP-14547

-
- -

- For security reasons no longer support 3-DES cipher - suites by default

-

- *** INCOMPATIBILITY with possibly ***

-

- Own Id: OTP-14768

-
- -

- For security reasons RSA-key exchange cipher suites are - no longer supported by default

-

- *** INCOMPATIBILITY with possible ***

-

- Own Id: OTP-14769

-
- -

- The interoperability option to fallback to insecure - renegotiation now has to be explicitly turned on.

-

- *** INCOMPATIBILITY with possibly ***

-

- Own Id: OTP-14789

-
- -

- Drop support for SSLv2 enabled clients. SSLv2 has been - broken for decades and never supported by the Erlang - SSL/TLS implementation. This option was by default - disabled and enabling it has proved to sometimes break - connections not using SSLv2 enabled clients.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-14824

-
- -

- Remove CHACHA20_POLY1305 ciphers form default for now. We - have discovered interoperability problems, ERL-538, that - we believe needs to be solved in crypto.

-

- *** INCOMPATIBILITY with possibly ***

-

- Own Id: OTP-14882

-
- -

- Use uri_string module instead of http_uri.

-

- Own Id: OTP-14902

-
- -

- The SSL distribution protocol -proto inet_tls has - stopped setting the SSL option - server_name_indication. New verify funs for client - and server in inet_tls_dist has been added, not - documented yet, that checks node name if present in peer - certificate. Usage is still also yet to be documented.

-

- Own Id: OTP-14969 Aux Id: OTP-14465, ERL-598

-
-
-
- -
-
SSL 8.2.5
Fixed Bugs and Malfunctions -- cgit v1.2.3