From bb19e24a485e9ef43bcca3fbe9757da83f70c3a0 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 19 Jun 2018 08:24:54 +0200 Subject: Prepare release --- lib/ssl/doc/src/notes.xml | 143 ++++++++++++++++++++++++++++++++++++++++++++++ lib/ssl/vsn.mk | 2 +- 2 files changed, 144 insertions(+), 1 deletion(-) (limited to 'lib/ssl') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 5b54ab48f8..917df03b5b 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -27,6 +27,149 @@

This document describes the changes made to the SSL application.

+
SSL 9.0 + +
Fixed Bugs and Malfunctions + + +

+ Correct handling of ECDH suites.

+

+ Own Id: OTP-14974

+
+ +

+ Proper handling of clients that choose to send an empty + answer to a certificate request

+

+ Own Id: OTP-15050

+
+
+
+ + +
Improvements and New Features + + +

+ Distribution over SSL (inet_tls) has, to improve + performance, been rewritten to not use intermediate + processes and ports.

+

+ Own Id: OTP-14465

+
+ +

+ Add suport for ECDHE_PSK cipher suites

+

+ Own Id: OTP-14547

+
+ +

+ For security reasons no longer support 3-DES cipher + suites by default

+

+ *** INCOMPATIBILITY with possibly ***

+

+ Own Id: OTP-14768

+
+ +

+ For security reasons RSA-key exchange cipher suites are + no longer supported by default

+

+ *** INCOMPATIBILITY with possible ***

+

+ Own Id: OTP-14769

+
+ +

+ The interoperability option to fallback to insecure + renegotiation now has to be explicitly turned on.

+

+ *** INCOMPATIBILITY with possibly ***

+

+ Own Id: OTP-14789

+
+ +

+ Drop support for SSLv2 enabled clients. SSLv2 has been + broken for decades and never supported by the Erlang + SSL/TLS implementation. This option was by default + disabled and enabling it has proved to sometimes break + connections not using SSLv2 enabled clients.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14824

+
+ +

+ Remove CHACHA20_POLY1305 ciphers form default for now. We + have discovered interoperability problems, ERL-538, that + we believe needs to be solved in crypto.

+

+ *** INCOMPATIBILITY with possibly ***

+

+ Own Id: OTP-14882

+
+ +

+ Generalize DTLS packet multiplexing to make it easier to + add future DTLS features and uses.

+

+ Own Id: OTP-14888

+
+ +

+ Use uri_string module instead of http_uri.

+

+ Own Id: OTP-14902

+
+ +

+ The SSL distribution protocol -proto inet_tls has + stopped setting the SSL option + server_name_indication. New verify funs for client + and server in inet_tls_dist has been added, not + documented yet, that checks node name if present in peer + certificate. Usage is still also yet to be documented.

+

+ Own Id: OTP-14969 Aux Id: OTP-14465, ERL-598

+
+ +

+ Deprecate ssl:ssl_accept/[1,2,3] in favour of + ssl:handshake/[1,2,3]

+

+ Own Id: OTP-15056

+
+ +

+ Customizes the hostname verification of the peer + certificate, as different protocols that use TLS such as + HTTP or LDAP may want to do it differently

+

+ Own Id: OTP-15102 Aux Id: ERL-542, OTP-14962

+
+ +

+ Add utility function for converting erlang cipher suites + to a string represenation (ERL-600).

+

+ Own Id: OTP-15106

+
+ +

+ First version with support for DTLS

+

+ Own Id: OTP-15142

+
+
+
+ +
+
SSL 8.2.6
Fixed Bugs and Malfunctions diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk index eb85a55717..10be907b4f 100644 --- a/lib/ssl/vsn.mk +++ b/lib/ssl/vsn.mk @@ -1 +1 @@ -SSL_VSN = 8.2.6 +SSL_VSN = 9.0 -- cgit v1.2.3
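Review bot: In the notes.xml hunk, four incompatibility markers are truncated: "*** INCOMPATIBILITY with possibly ***" (OTP-14768, OTP-14789, OTP-14882) and "*** INCOMPATIBILITY with possible ***" (OTP-14769) never say what the change is incompatible with, while OTP-14824 carries the complete "*** POTENTIAL INCOMPATIBILITY ***". These entries cover dropping 3-DES and RSA key exchange suites from the defaults, making the insecure renegotiation fallback opt-in, and removing CHACHA20_POLY1305 from the defaults, so the marker is what an operator upgrading from 8.2.6 will search for. Suggest using the complete marker on all of them and having each entry state how the previous behaviour can be explicitly enabled where interoperability requires it. The OTP-14969 entry says twice that the new inet_tls_dist verify funs are undocumented ("not documented yet" and "Usage is still also yet to be documented"); one mention is enough, and since the same entry stops setting server_name_indication, it should say what a deployment that relied on it needs to change. Typos to fix in the same pass: "suport" (OTP-14547), "form default" for "from default" (OTP-14882), "represenation" (OTP-15106), and "has been added" for "have been added" (OTP-14969).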