From 9c1fac89a82828106f2aac697fb748eee2f7bdc8 Mon Sep 17 00:00:00 2001
From: Andreas Schultz
Date: Thu, 21 Feb 2013 15:02:36 +0100
Subject: SSL: add Elliptic Curve support for ssl app
---
lib/ssl/doc/src/ssl.xml | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'lib/ssl/doc')
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index d5615fecfc..b02493d2cb 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -37,10 +37,13 @@ ssl requires the crypto and public_key applications. Supported SSL/TLS-versions are SSL-3.0, TLS-1.0, - TLS-1.1 and TLS-1.2 (no support for elliptic curve cipher suites yet). + TLS-1.1 and TLS-1.2. For security reasons sslv2 is not supported. Ephemeral Diffie-Hellman cipher suites are supported but not Diffie Hellman Certificates cipher suites. + Elliptic Curve cipher suites are supported on + systems with a OpenSSL library that has EC support + compiled in. Export cipher suites are not supported as the U.S. lifted its export restrictions in early 2000. IDEA cipher suites are not supported as they have
@@ -75,7 +78,7 @@ {fail_if_no_peer_cert, boolean()} {depth, integer()} | {cert, der_encoded()}| {certfile, path()} | - {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}} | + {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' |'PrivateKeyInfo', der_encoded()}} | {keyfile, path()} | {password, string()} | {cacerts, [der_encoded()]} | {cacertfile, path()} | |{dh, der_encoded()} | {dhfile, path()} | {ciphers, ciphers()} |
@@ -125,6 +128,7 @@

key_exchange() = rsa | dhe_dss | dhe_rsa | dh_anon | psk | dhe_psk | rsa_psk | srp_anon | srp_dss | srp_rsa
+ | ecdh_anon | ecdh_ecdsa | ecdhe_ecdsa | ecdh_rsa | ecdhe_rsa

cipher() = rc4_128 | des_cbc | '3des_ede_cbc'
@@ -157,7 +161,7 @@ {certfile, path()} Path to a file containing the user's certificate. - {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}} + {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' |'PrivateKeyInfo', der_encoded()}} The DER encoded users private key. If this option is supplied it will override the keyfile option.
-- cgit v1.2.3
From 7c901c92f5936ca2f212300d2f13f899b7a222e0 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Fri, 26 Apr 2013 18:08:48 +0200
Subject: crypto: Deprecate functions, update doc and specs
---
lib/ssl/doc/src/ssl.xml | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'lib/ssl/doc')
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index b02493d2cb..1645eb15f3 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -41,16 +41,17 @@ For security reasons sslv2 is not supported. Ephemeral Diffie-Hellman cipher suites are supported but not Diffie Hellman Certificates cipher suites. - Elliptic Curve cipher suites are supported on - systems with a OpenSSL library that has EC support - compiled in. + Elliptic Curve cipher suites are supported if crypto + supports it and named curves are used. + Export cipher suites are not supported as the U.S. lifted its export restrictions in early 2000. IDEA cipher suites are not supported as they have become deprecated by the latest TLS spec so there is not any real motivation to implement them. - CRL and policy certificate - extensions are not supported yet. + CRL and policy certificate extensions are not supported + yet. However CRL verification is supported by public_key, only not integrated + in ssl yet.
-- cgit v1.2.3