From 8edbf8309fe6f095d43cc4bbc3eceaa81823c7f4 Mon Sep 17 00:00:00 2001 From: Lars Thorsen Date: Thu, 10 Dec 2015 07:17:20 +0100 Subject: [ssl] Correct the documentation so it follows the DTD --- lib/ssl/doc/src/ssl.xml | 5 ++--- lib/ssl/doc/src/ssl_app.xml | 6 +++--- lib/ssl/doc/src/ssl_crl_cache_api.xml | 6 +++--- lib/ssl/doc/src/ssl_session_cache_api.xml | 10 +++++++--- 4 files changed, 15 insertions(+), 12 deletions(-) (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 3a541ed162..32c80b3f00 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -480,8 +480,8 @@ fun(srp, Username :: string(), UserState :: term()) ->

The negotiated protocol can be retrieved using the negotiated_protocol/1 function.

- {client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()]}} - {client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()], Default :: binary()}} + {client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()]}}
+ {client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()], Default :: binary()}}

Indicates that the client is to try to perform Next Protocol Negotiation.

@@ -538,7 +538,6 @@ fun(srp, Username :: string(), UserState :: term()) -> be supported by the server for the prevention to work.

- diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml index 24b0f5300e..1e3a1101ed 100644 --- a/lib/ssl/doc/src/ssl_app.xml +++ b/lib/ssl/doc/src/ssl_app.xml @@ -58,7 +58,7 @@

erl -ssl protocol_version "['tlsv1.2', 'tlsv1.1']"

- protocol_version = ssl:protocol() ]]> + protocol_version = ssl:protocol()]]>

Protocol supported by started clients and servers. If this option is not set, it defaults to all protocols currently supported by the SSL application. @@ -78,8 +78,8 @@

List of extra user-defined arguments to the init function in the session cache callback module. Defaults to [].

 - ]]> - ]]> + ]]>
+ ]]>

Limits the growth of the clients/servers session cache, if the maximum number of sessions is reached, the current cache entries will be invalidated regardless of their remaining lifetime. Defaults to 1000. diff --git a/lib/ssl/doc/src/ssl_crl_cache_api.xml b/lib/ssl/doc/src/ssl_crl_cache_api.xml index 71c1c61fe8..03ac010bfe 100644 --- a/lib/ssl/doc/src/ssl_crl_cache_api.xml +++ b/lib/ssl/doc/src/ssl_crl_cache_api.xml @@ -84,9 +84,9 @@ CRLs = [public_key:der_encoded()] -

Lookup the CRLs belonging to the distribution point Distributionpoint.

+

Lookup the CRLs belonging to the distribution point Distributionpoint. This function may choose to only look in the cache or to follow distribution point - links depending on how the cache is administrated. + links depending on how the cache is administrated.

@@ -103,4 +103,4 @@ - \ No newline at end of file + diff --git a/lib/ssl/doc/src/ssl_session_cache_api.xml b/lib/ssl/doc/src/ssl_session_cache_api.xml index bd9330056d..b85d8fb284 100644 --- a/lib/ssl/doc/src/ssl_session_cache_api.xml +++ b/lib/ssl/doc/src/ssl_session_cache_api.xml @@ -31,9 +31,13 @@ ssl_session_cache_api TLS session cache API - Defines the API for the TLS session cache so - that the data storage scheme can be replaced by - defining a new callback module implementing this API. + +

+ Defines the API for the TLS session cache so + that the data storage scheme can be replaced by + defining a new callback module implementing this API. +

+
DATA TYPES -- cgit v1.2.3 From b1a1b4e8dc1929d438964017cec71869e8e24337 Mon Sep 17 00:00:00 2001 From: Lars Thorsen Date: Thu, 10 Dec 2015 09:40:34 +0100 Subject: [ssl] Moved description details to man(6) page --- lib/ssl/doc/src/ssl.xml | 36 ++++++------------------------------ lib/ssl/doc/src/ssl_app.xml | 28 +++++++++++++++++++++++++++- 2 files changed, 33 insertions(+), 31 deletions(-) (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 32c80b3f00..bf87644116 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -31,37 +31,13 @@ ssl Interface Functions for Secure Socket Layer -

This module contains interface functions for the SSL.

+

+ This module contains interface functions for the SSL/TLS protocol. + For detailed information about the supported standards see + ssl(6). +

- -
- SSL - - - For application dependencies see ssl(6) - Supported SSL/TLS-versions are SSL-3.0, TLS-1.0, - TLS-1.1, and TLS-1.2. - For security reasons SSL-2.0 is not supported. - For security reasons SSL-3.0 is no longer supported by default, - but can be configured. - Ephemeral Diffie-Hellman cipher suites are supported, - but not Diffie Hellman Certificates cipher suites. - Elliptic Curve cipher suites are supported if the Crypto - application supports it and named curves are used. - - Export cipher suites are not supported as the - U.S. lifted its export restrictions in early 2000. - IDEA cipher suites are not supported as they have - become deprecated by the latest TLS specification so it is not - motivated to implement them. - CRL validation is supported. - Policy certificate extensions are not supported. - 'Server Name Indication' extension client side - (RFC 6066, Section 3) is supported. - - -
- +
DATA TYPES

The following data types are used in the functions for SSL:

diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml index 1e3a1101ed..6c82e32a74 100644 --- a/lib/ssl/doc/src/ssl_app.xml +++ b/lib/ssl/doc/src/ssl_app.xml @@ -33,7 +33,33 @@ The ssl application provides secure communication over sockets. - + +

+ The ssl application is an implementation of the SSL/TLS protocol in Erlang. +

+ + Supported SSL/TLS-versions are SSL-3.0, TLS-1.0, + TLS-1.1, and TLS-1.2. + For security reasons SSL-2.0 is not supported. + For security reasons SSL-3.0 is no longer supported by default, + but can be configured. + Ephemeral Diffie-Hellman cipher suites are supported, + but not Diffie Hellman Certificates cipher suites. + Elliptic Curve cipher suites are supported if the Crypto + application supports it and named curves are used. + + Export cipher suites are not supported as the + U.S. lifted its export restrictions in early 2000. + IDEA cipher suites are not supported as they have + become deprecated by the latest TLS specification so it is not + motivated to implement them. + CRL validation is supported. + Policy certificate extensions are not supported. + 'Server Name Indication' extension client side + (RFC 6066, Section 3) is supported. + + +
DEPENDENCIES

The SSL application uses the public_key and -- cgit v1.2.3