From 32275a2fc0b86d1f1b124706afc80f3ff92216eb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 31 May 2017 16:21:00 +0200 Subject: Revert "Prepare release" This reverts commit eaf8ca41dfa4850437ad270d3897399c9358ced0. --- lib/ssl/doc/src/notes.xml | 108 ---------------------------------------------- 1 file changed, 108 deletions(-) (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 1a93572dc7..29ec3f9d57 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -28,114 +28,6 @@

This document describes the changes made to the SSL application.

-
SSL 8.2 - -
Fixed Bugs and Malfunctions - - -

- ECDH-ECDSA key exchange supported, was accidently - dismissed in earlier versions.

-

- Own Id: OTP-14421

-
-
-
- - -
Improvements and New Features - - -

- TLS-1.2 clients will now always send hello messages on - its own format, as opposed to earlier versions that will - send the hello on the lowest supported version, this is a - change supported by the latest RFC.

-

- This will make interoperability with some newer servers - smoother. Potentially, but unlikely, this could cause a - problem with older servers if they do not adhere to the - RFC and ignore unknown extensions.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-13820

-
- -

- Allow Erlang/OTP to use OpenSSL in FIPS-140 mode, in - order to satisfy specific security requirements (mostly - by different parts of the US federal government).

-

- See the new crypto users guide "FIPS mode" chapter about - building and using the FIPS support which is disabled by - default.

-

- (Thanks to dszoboszlay and legoscia)

-

- Own Id: OTP-13921 Aux Id: PR-1180

-
- -

- Implemented DTLS cookie generation, requiered by spec, - instead of using hardcode value.

-

- Own Id: OTP-14076

-
- -

- Implement sliding window replay protection of DTLS - records.

-

- Own Id: OTP-14077

-
- -

- TLS client processes will by default call - public_key:pkix_verify_hostname/2 to verify the hostname - of the connection with the server certifcates specified - hostname during certificate path validation. The user may - explicitly disables it. Also if the hostname can not be - derived from the first argument to connnect or is not - supplied by the server name indication option, the check - will not be performed.

-

- Own Id: OTP-14197

-
- -

- Extend connection_information/[1,2] . The values - session_id, master_secret, client_random and - server_random can no be accessed by - connection_information/2. Note only session_id will be - added to connection_information/1. The rational is that - values concerning the connection security should have to - be explicitly requested.

-

- Own Id: OTP-14291

-
- -

- Chacha cipher suites are currently not tested enough to - be most prefered ones

-

- Own Id: OTP-14382

-
- -

- Basic support for DTLS that been tested together with - OpenSSL.

-

- Test by providing the option {protocol, dtls} to the ssl - API functions connect and listen.

-

- Own Id: OTP-14388

-
-
-
- -
-
SSL 8.1.3
Fixed Bugs and Malfunctions -- cgit v1.2.3
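Review bot: The commit message gives no reason for the revert and does not say whether the removed SSL 8.2 section will be restored, which matters because the deleted lines are the record of two behaviour changes users need to know about: the OTP-13820 entry marked "*** POTENTIAL INCOMPATIBILITY ***" (TLS-1.2 clients sending the hello in their own format) and the OTP-14197 entry (TLS clients calling public_key:pkix_verify_hostname/2 by default). Please state in the message why "Prepare release" is being backed out and that these notes come back with the next release preparation. When the text is re-added, the OTP-14291 entry should be corrected first: "can no be accessed by connection_information/2" reads as the opposite of what an entry titled "Extend connection_information/[1,2]" presumably means ("can now be accessed"). The same pass can fix "accidently", "requiered", "hardcode value", "certifcates", "connnect", "explicitly disables", "rational" and "prefered".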