From f719d0fe308f00b85f92c29d7cdf9b0dc20d98a2 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 7 Apr 2014 19:52:48 +0200 Subject: Update release notes --- lib/ssl/doc/src/notes.xml | 159 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 158 insertions(+), 1 deletion(-) (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 0b28b1ebd4..c61b2a9c2f 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -25,7 +25,164 @@ notes.xml

This document describes the changes made to the SSL application.

-
SSL 5.3.3 +
SSL 5.3.4 + +
Fixed Bugs and Malfunctions + + +

+ Fix incorrect dialyzer spec and types, also enhance + documentation.

+

+ Thanks to Ayaz Tuncer.

+

+ Own Id: OTP-11627

+
+ +

+ Fix possible mismatch between SSL/TLS version and default + ciphers. Could happen when you specified SSL/TLS-version + in optionlist to listen or accept.

+

+ Own Id: OTP-11712

+
+ +

+ Application upgrade (appup) files are corrected for the + following applications:

+

+ asn1, common_test, compiler, crypto, debugger, + dialyzer, edoc, eldap, erl_docgen, et, eunit, gs, hipe, + inets, observer, odbc, os_mon, otp_mibs, parsetools, + percept, public_key, reltool, runtime_tools, ssh, + syntax_tools, test_server, tools, typer, webtool, wx, + xmerl

+

+ A new test utility for testing appup files is added to + test_server. This is now used by most applications in + OTP.

+

+ (Thanks to Tobias Schlager)

+

+ Own Id: OTP-11744

+
+
+
+ + +
Improvements and New Features + + +

+ Moved elliptic curve definition from the crypto + NIF/OpenSSL into Erlang code, adds the RFC-5639 brainpool + curves and makes TLS use them (RFC-7027).

+

+ Thanks to Andreas Schultz

+

+ Own Id: OTP-11578

+
+ +

+ Unicode adaptations

+

+ Own Id: OTP-11620

+
+ +

+ Added option honor_cipher_order. This instructs the + server to prefer its own cipher ordering rather than the + client's and can help protect against things like BEAST + while maintaining compatability with clients which only + support older ciphers.

+

+ Thanks to Andrew Thompson for the implementation, and + Andreas Schultz for the test cases.

+

+ Own Id: OTP-11621

+
+ +

+ Replace boolean checking in validate_option with + is_boolean guard.

+

+ Thanks to Andreas Schultz.

+

+ Own Id: OTP-11634

+
+ +

+ Some function specs are corrected or moved and some edoc + comments are corrected in order to allow use of edoc. + (Thanks to Pierre Fenoll)

+

+ Own Id: OTP-11702

+
+ +

+ Correct clean up of certificate database when certs are + inputed in pure DER format.The incorrect code could cause + a memory leek when certs where inputed in DER. Thanks to + Bernard Duggan for reporting this.

+

+ Own Id: OTP-11733

+
+ +

+ Improved documentation of the cacertfile option

+

+ Own Id: OTP-11759 Aux Id: seq12535

+
+ +

+ Avoid next protocol negotiation failure due to incorrect + option format.

+

+ Own Id: OTP-11760

+
+ +

+ Handle v1 CRLs, with no extensions and fixes issues with + IDP (Issuing Distribution Point) comparison during CRL + validation.

+

+ Thanks to Andrew Thompson

+

+ Own Id: OTP-11761

+
+ +

+ Server now ignores client ECC curves that it does not + support instead of crashing.

+

+ Thanks to Danil Zagoskin for reporting the issue and + suggesting a solution.

+

+ Own Id: OTP-11780

+
+ +

+ Handle SNI (Server Name Indication) alert + unrecognized_name and gracefully deal with unexpected + alerts.

+

+ Thanks to Masatake Daimon for reporting this.

+

+ Own Id: OTP-11815

+
+ +

+ Add possibility to specify ssl options when calling + ssl:ssl_accept

+

+ Own Id: OTP-11837

+
+
+
+ +
+ +
SSL 5.3.3
Fixed Bugs and Malfunctions -- cgit v1.2.3
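Review bot: Several entries added under "Improvements and New Features" for SSL 5.3.4 describe defect fixes and belong under "Fixed Bugs and Malfunctions": OTP-11733 (memory leak in the certificate database clean-up for DER certs), OTP-11760 (next protocol negotiation failure), OTP-11761 (IDP comparison issues during CRL validation) and OTP-11780 (server crashing on unsupported client ECC curves). Readers deciding whether to upgrade look at the fixed-bugs list first, and the leak and the crash both affect server availability. The OTP-11733 text also needs a proofread: "memory leek" should be "memory leak", "inputed" should be "input", "certs where" should be "certs were", and a space is missing in "format.The"; in OTP-11621, "compatability" should be "compatibility". The honor_cipher_order entry does not state the option's default value; adding it would tell readers whether server cipher selection changes on upgrade or only when the option is set.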