From 62870c998955e1498e71bfc90607885e96ecaa27 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 31 Mar 2015 12:24:04 +0200 Subject: Prepare release --- lib/ssl/doc/src/notes.xml | 75 ++++++++++++++++++++++++++++++++++++++++++++++- lib/ssl/vsn.mk | 2 +- 2 files changed, 75 insertions(+), 2 deletions(-) (limited to 'lib/ssl') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 4349e5a456..352563700b 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -25,7 +25,80 @@ notes.xml

This document describes the changes made to the SSL application.

-
SSL 5.3.8 +
SSL 6.0 + +
Fixed Bugs and Malfunctions + + +

+ Exclude self-signed trusted anchor certificates from + certificate prospective certification path according to + RFC 3280.

+

+ This will avoid some unnecessary certificate processing.

+

+ Own Id: OTP-12449

+
+
+
+ + +
Improvements and New Features + + +

+ Separate client and server session cache internally.

+

+ Avoid session table growth when client starts many + connections in such a manner that many connections are + started before session reuse is possible. Only save a new + session in client if there is no equivalent session + already stored.

+

+ Own Id: OTP-11365

+
+ +

+ The PEM cache is now validated by a background process, + instead of always keeping it if it is small enough and + clearing it otherwise. That strategy required that small + caches where cleared by API function if a file changes on + disk.

+

+ However export the API function to clear the cache as it + may still be useful.

+

+ Own Id: OTP-12391

+
+ +

+ Add padding check for TLS-1.0 to remove Poodle + vulnerability from TLS 1.0, also add the option + padding_check. This option only affects TLS-1.0 + connections and if set to false it disables the block + cipher padding check to be able to interoperate with + legacy software.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-12420

+
+ +

+ Add support for TLS_FALLBACK_SCSV used to prevent + undesired TLS version downgrades. If used by a client + that is vulnerable to the POODLE attack, and the server + also supports TLS_FALLBACK_SCSV, the attack can be + prevented.

+

+ Own Id: OTP-12458

+
+
+
+ +
+ +
SSL 5.3.8
Fixed Bugs and Malfunctions diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk index bda974da0e..3663fb7857 100644 --- a/lib/ssl/vsn.mk +++ b/lib/ssl/vsn.mk @@ -1 +1 @@ -SSL_VSN = 5.3.8 +SSL_VSN = 6.0 -- cgit v1.2.3