From b9faca269de1de51ae33577cc204befbea24243c Mon Sep 17 00:00:00 2001 From: Henrik Date: Tue, 29 May 2018 10:47:25 +0200 Subject: Revert "Prepare release" This reverts commit fd8e49b5bddceaae803670121b603b5eee8c5c08. --- lib/ssl/doc/src/notes.xml | 122 ---------------------------------------------- lib/ssl/vsn.mk | 2 +- 2 files changed, 1 insertion(+), 123 deletions(-) (limited to 'lib/ssl') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 795c38bd8e..34fe352d08 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -27,128 +27,6 @@

This document describes the changes made to the SSL application.

-
SSL 9.0 - -
Fixed Bugs and Malfunctions - - -

- Correct handling of ECDH suites.

-

- Own Id: OTP-14974

-
- -

- Proper handling of clients that choose to send an empty - answer to a certificate request

-

- Own Id: OTP-15050

-
-
-
- - -
Improvements and New Features - - -

- Distribution over SSL (inet_tls) has, to improve - performance, been rewritten to not use intermediate - processes and ports.

-

- Own Id: OTP-14465

-
- -

- Add suport for ECDHE_PSK cipher suites

-

- Own Id: OTP-14547

-
- -

- For security reasons no longer support 3-DES cipher - suites by default

-

- *** INCOMPATIBILITY with possibly ***

-

- Own Id: OTP-14768

-
- -

- For security reasons RSA-key exchange cipher suites are - no longer supported by default

-

- *** INCOMPATIBILITY with possible ***

-

- Own Id: OTP-14769

-
- -

- The interoperability option to fallback to insecure - renegotiation now has to be explicitly turned on.

-

- *** INCOMPATIBILITY with possibly ***

-

- Own Id: OTP-14789

-
- -

- Drop support for SSLv2 enabled clients. SSLv2 has been - broken for decades and never supported by the Erlang - SSL/TLS implementation. This option was by default - disabled and enabling it has proved to sometimes break - connections not using SSLv2 enabled clients.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-14824

-
- -

- Remove CHACHA20_POLY1305 ciphers form default for now. We - have discovered interoperability problems, ERL-538, that - we believe needs to be solved in crypto.

-

- *** INCOMPATIBILITY with possibly ***

-

- Own Id: OTP-14882

-
- -

- Generalize DTLS packet multiplexing to make it easier to - add future DTLS features and uses.

-

- Own Id: OTP-14888

-
- -

- Use uri_string module instead of http_uri.

-

- Own Id: OTP-14902

-
- -

- The SSL distribution protocol -proto inet_tls has - stopped setting the SSL option - server_name_indication. New verify funs for client - and server in inet_tls_dist has been added, not - documented yet, that checks node name if present in peer - certificate. Usage is still also yet to be documented.

-

- Own Id: OTP-14969 Aux Id: OTP-14465, ERL-598

-
- -

- Deprecate ssl:ssl_accept/[1,2,3] in favour of - ssl:handshake/[1,2,3]

-

- Own Id: OTP-15056

-
-
-
- -
-
SSL 8.2.6
Fixed Bugs and Malfunctions diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk index 10be907b4f..eb85a55717 100644 --- a/lib/ssl/vsn.mk +++ b/lib/ssl/vsn.mk @@ -1 +1 @@ -SSL_VSN = 9.0 +SSL_VSN = 8.2.6 -- cgit v1.2.3