From b92ea63417bc6933393a3c285faf393b3d287ac2 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 12 Dec 2011 18:14:34 +0100 Subject: Prepare release --- lib/ssl/doc/src/notes.xml | 96 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 95 insertions(+), 1 deletion(-) (limited to 'lib/ssl') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 5df2632149..1e1fe0d119 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -30,7 +30,101 @@

This document describes the changes made to the SSL application.

-
SSL 4.1.6 +
SSL 5.0 + +
Fixed Bugs and Malfunctions + + +

+ Invalidation handling of sessions could cause the + time_stamp field in the session record to be set to + undefined crashing the session clean up process. This did + not affect the connections but would result in that the + session table would grow.

+

+ Own Id: OTP-9696 Aux Id: seq11947

+
+ +

+ Changed code to use ets:foldl and throw instead of + ets:next traversal, avoiding the need to explicitly call + ets:safe_fixtable. It was possible to get a badarg-crash + under special circumstances.

+

+ Own Id: OTP-9703 Aux Id: seq11947

+
+ +

+ Send ssl_closed notification to active ssl user when a + tcp error occurs.

+

+ Own Id: OTP-9734 Aux Id: seq11946

+
+ +

+ If a passive receive was ongoing during a renegotiation + the process evaluating ssl:recv could be left hanging for + ever.

+

+ Own Id: OTP-9744

+
+
+
+ + +
Improvements and New Features + + +

+ Support for the old ssl implementation is dropped and the + code is removed.

+

+ Own Id: OTP-7048

+
+ +

+ The erlang distribution can now be run over the new ssl + implementation. All options can currently not be set but + it is enough to replace to old ssl implementation.

+

+ Own Id: OTP-7053

+
+ +

+ public_key, ssl and crypto now supports PKCS-8

+

+ Own Id: OTP-9312

+
+ +

+ Implements a CBC timing attack counter measure. Thanks to + Andreas Schultz for providing the patch.

+

+ Own Id: OTP-9683

+
+ +

+ Mitigates an SSL/TLS Computational DoS attack by + disallowing the client to renegotiate many times in a row + in a short time interval, thanks to Tuncer Ayaz for + alerting us about this.

+

+ Own Id: OTP-9739

+
+ +

+ Implements the 1/n-1 splitting countermeasure to the + Rizzo Duong BEAST attack, affects SSL 3.0 and TLS 1.0. + Thanks to Tuncer Ayaz for alerting us about this.

+

+ Own Id: OTP-9750

+
+
+
+ +
+ +
SSL 4.1.6
Fixed Bugs and Malfunctions -- cgit v1.2.3