From 32275a2fc0b86d1f1b124706afc80f3ff92216eb Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Wed, 31 May 2017 16:21:00 +0200
Subject: Revert "Prepare release"
This reverts commit eaf8ca41dfa4850437ad270d3897399c9358ced0.
---
lib/ssl/doc/src/notes.xml | 108 ----------------------------------------------
1 file changed, 108 deletions(-)
(limited to 'lib/ssl/doc')
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 1a93572dc7..29ec3f9d57 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -28,114 +28,6 @@
<p>This document describes the changes made to the SSL application.</p>
-<section><title>SSL 8.2</title>
-
- <section><title>Fixed Bugs and Malfunctions</title>
- <list>
- <item>
- <p>
- ECDH-ECDSA key exchange supported, was accidently
- dismissed in earlier versions.</p>
- <p>
- Own Id: OTP-14421</p>
- </item>
- </list>
- </section>
-
-
- <section><title>Improvements and New Features</title>
- <list>
- <item>
- <p>
- TLS-1.2 clients will now always send hello messages on
- its own format, as opposed to earlier versions that will
- send the hello on the lowest supported version, this is a
- change supported by the latest RFC.</p>
- <p>
- This will make interoperability with some newer servers
- smoother. Potentially, but unlikely, this could cause a
- problem with older servers if they do not adhere to the
- RFC and ignore unknown extensions.</p>
- <p>
- *** POTENTIAL INCOMPATIBILITY ***</p>
- <p>
- Own Id: OTP-13820</p>
- </item>
- <item>
- <p>
- Allow Erlang/OTP to use OpenSSL in FIPS-140 mode, in
- order to satisfy specific security requirements (mostly
- by different parts of the US federal government). </p>
- <p>
- See the new crypto users guide "FIPS mode" chapter about
- building and using the FIPS support which is disabled by
- default.</p>
- <p>
- (Thanks to dszoboszlay and legoscia)</p>
- <p>
- Own Id: OTP-13921 Aux Id: PR-1180 </p>
- </item>
- <item>
- <p>
- Implemented DTLS cookie generation, requiered by spec,
- instead of using hardcode value.</p>
- <p>
- Own Id: OTP-14076</p>
- </item>
- <item>
- <p>
- Implement sliding window replay protection of DTLS
- records.</p>
- <p>
- Own Id: OTP-14077</p>
- </item>
- <item>
- <p>
- TLS client processes will by default call
- public_key:pkix_verify_hostname/2 to verify the hostname
- of the connection with the server certifcates specified
- hostname during certificate path validation. The user may
- explicitly disables it. Also if the hostname can not be
- derived from the first argument to connnect or is not
- supplied by the server name indication option, the check
- will not be performed.</p>
- <p>
- Own Id: OTP-14197</p>
- </item>
- <item>
- <p>
- Extend connection_information/[1,2] . The values
- session_id, master_secret, client_random and
- server_random can no be accessed by
- connection_information/2. Note only session_id will be
- added to connection_information/1. The rational is that
- values concerning the connection security should have to
- be explicitly requested.</p>
- <p>
- Own Id: OTP-14291</p>
- </item>
- <item>
- <p>
- Chacha cipher suites are currently not tested enough to
- be most prefered ones</p>
- <p>
- Own Id: OTP-14382</p>
- </item>
- <item>
- <p>
- Basic support for DTLS that been tested together with
- OpenSSL.</p>
- <p>
- Test by providing the option {protocol, dtls} to the ssl
- API functions connect and listen.</p>
- <p>
- Own Id: OTP-14388</p>
- </item>
- </list>
- </section>
-
-</section>
-
<section><title>SSL 8.1.3</title>
<section><title>Fixed Bugs and Malfunctions</title>
--
cgit v1.2.3