From 0f8afe80c6582f7affd17f36dc9cb48cc7946713 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 14 Mar 2016 10:46:23 +0100 Subject: Prepare release --- lib/ssl/doc/src/notes.xml | 118 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 61d1c8355a..e5070bc247 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -28,6 +28,124 @@

This document describes the changes made to the SSL application.

+
SSL 7.3 + +
Fixed Bugs and Malfunctions + + +

+ Make sure there is only one poller validator at a time + for validating the session cache.

+

+ Own Id: OTP-13185

+
+ +

+ A timing related issue could cause ssl to hang, + especially happened with newer versions of OpenSSL in + combination with ECC ciphers.

+

+ Own Id: OTP-13253

+
+ +

+ Work around a race condition in the TLS distribution + start.

+

+ Own Id: OTP-13268

+
+ +

+ Big handshake messages are now correctly fragmented in + the TLS record layer.

+

+ Own Id: OTP-13306

+
+ +

+ Improve portability of ECC tests in Crypto and SSL for + "exotic" OpenSSL versions.

+

+ Own Id: OTP-13311

+
+ +

+ Certificate extensions marked as critical are ignored + when using verify_none

+

+ Own Id: OTP-13377

+
+ +

+ If a certificate doesn't contain a CRL Distribution + Points extension, and the relevant CRL is not in the + cache, and the crl_check option is not set to + best_effort , the revocation check should fail.

+

+ Own Id: OTP-13378

+
+ +

+ Enable TLS distribution over IPv6

+

+ Own Id: OTP-13391

+
+
+
+ + +
Improvements and New Features + + +

+ Improve error reporting for TLS distribution

+

+ Own Id: OTP-13219

+
+ +

+ Include options from connect, listen and accept in + connection_information/1,2

+

+ Own Id: OTP-13232

+
+ +

+ Allow adding extra options for outgoing TLS distribution + connections, as supported for plain TCP connections.

+

+ Own Id: OTP-13285

+
+ +

+ Use loopback as server option in TLS-distribution module

+

+ Own Id: OTP-13300

+
+ +

+ Verify certificate signature against original certificate + binary.

+

+ This avoids bugs due to encoding errors when re-encoding + a decode certificate. As there exists several decode step + and using of different ASN.1 specification this is a risk + worth avoiding.

+

+ Own Id: OTP-13334

+
+ +

+ Use application:ensure_all_started/2 instead of + hard-coding dependencies

+

+ Own Id: OTP-13363

+
+
+
+ +
+
SSL 7.2
Fixed Bugs and Malfunctions -- cgit v1.2.3