From 2955ddebc32837b66d9bacb4e925ad0ed0033168 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 23 Jun 2015 10:24:26 +0200 Subject: Prepare release --- lib/ssl/doc/src/notes.xml | 83 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 82 insertions(+), 1 deletion(-) (limited to 'lib/ssl') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 43ed006781..b87b1b4fa7 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -26,7 +26,88 @@ notes.xml

This document describes the changes made to the SSL application.

-
SSL 6.0.1 +
SSL 7.0 + +
Fixed Bugs and Malfunctions + + +

+ Ignore signature_algorithm (TLS 1.2 extension) sent to + TLS 1.0 or TLS 1.1 server

+

+ Own Id: OTP-12670

+ + +

+ Improve error handling in TLS distribution module to + avoid lingering sockets.

+

+ Own Id: OTP-12799 Aux Id: Tom Briden

+ + +

+ Add option {client_renegotiation, boolean()} option to + the server-side of the SSL application.

+

+ Own Id: OTP-12815

+ + +

+ Gracefully ignore proprietary hash_sign algorithms

+

+ Own Id: OTP-12829

+ + +
+ + +
Improvements and New Features + + +

+ Add new API functions to handle CRL-verification

+

+ Own Id: OTP-10362 Aux Id: kunagi-215 [126]

+ + +

+ Remove default support for SSL-3.0, due to Poodle + vunrability in protocol specification.

+

+ Add padding check for TLS-1.0 to remove Poodle + vunrability from TLS 1.0, also add the option + padding_check. This option only affects TLS-1.0 + connections and if set to false it disables the block + cipher padding check to be able to interoperate with + legacy software.

+

+ Remove default support for RC4 cipher suites, as they are + consider too weak.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-12390

+ + +

+ Add support for TLS ALPN (Application-Layer Protocol + Negotiation) extension.

+

+ Own Id: OTP-12580

+ + +

+ Add SNI (Server Name Indication) support for the server + side.

+

+ Own Id: OTP-12736

+ + +
+ +
+ +
SSL 6.0.1
Fixed Bugs and Malfunctions -- cgit v1.2.3