From 42b8a29dbae1d626f32bc16dd81a129caf741138 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 16 Nov 2015 21:58:36 +0100 Subject: ssl: Add upper limit for session cache If upper limit is reached invalidate the current cache entries, e.i the session lifetime is the max time a session will be keept, but it may be invalidated earlier if the max limit for the table is reached. This will keep the ssl manager process well behaved, not exhusting memeory. Invalidating the entries will incrementally empty the cache to make room for fresh sessions entries. --- lib/ssl/doc/src/ssl_app.xml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml index 51ce0cedf1..257175a33f 100644 --- a/lib/ssl/doc/src/ssl_app.xml +++ b/lib/ssl/doc/src/ssl_app.xml @@ -66,7 +66,7 @@ to ssl:connect/[2,3] and ssl:listen/2.

]]> -

Lifetime of the session data in seconds.

 +

Maximum lifetime of the session data in seconds.

 ]]>

Name of the session cache callback module that implements @@ -77,6 +77,13 @@

List of extra user-defined arguments to the init function in the session cache callback module. Defaults to [].

 + + ]]> + ]]> +

Limits the growth of the clients/servers session cache, + if the maximum number of sessions is reached, the current cache entries will + be invalidated regardless of their remaining lifetime. Defaults to 1000. +

]]> -- cgit v1.2.3 From 55569124ac815eedc21c234c447e346b97f3c8fe Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 7 Dec 2015 10:31:35 +0100 Subject: ssl: Fix documentation mistakes --- lib/ssl/doc/src/ssl.xml | 4 ++-- lib/ssl/doc/src/ssl_app.xml | 9 ++++++--- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 22ac98c24e..3a541ed162 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -84,7 +84,7 @@ gen_tcp(3) manual pages in Kernel.

 - ssloption() = + ssloption() =

{verify, verify_type()}

| {verify_fun, {fun(), term()}}

@@ -160,7 +160,7 @@ sslsocket() =

opaque()

 - protocol() = + protocol() =

sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2'

 ciphers() = diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml index 257175a33f..24b0f5300e 100644 --- a/lib/ssl/doc/src/ssl_app.xml +++ b/lib/ssl/doc/src/ssl_app.xml @@ -58,7 +58,7 @@

erl -ssl protocol_version "['tlsv1.2', 'tlsv1.1']"

- ssl:protocol() ]]>. + protocol_version = ssl:protocol() ]]>

Protocol supported by started clients and servers. If this option is not set, it defaults to all protocols currently supported by the SSL application. @@ -71,7 +71,7 @@ ]]>

Name of the session cache callback module that implements the ssl_session_cache_api behavior. Defaults to - ssl_session_cache.erl.

 + ssl_session_cache.

 ]]> @@ -110,7 +110,10 @@
ERROR LOGGER AND EVENT HANDLERS -

The SSL application uses the default OTP error logger to log unexpected errors and TLS alerts. The logging of TLS alerts may be turned off with the log_alert option.

+

The SSL application uses the default OTP error logger to log + unexpected errors and TLS alerts. The logging of TLS alerts may be + turned off with the log_alert option.

-- cgit v1.2.3