From fb7006280f8d5a45459e1fba066fe6f6131e8e86 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 24 Sep 2018 11:32:41 +0200 Subject: Prepare release --- lib/ssl/doc/src/notes.xml | 117 ++++++++++++++++++++++++++++++++++++++++++++++ lib/ssl/vsn.mk | 2 +- 2 files changed, 118 insertions(+), 1 deletion(-) (limited to 'lib/ssl') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index a00b0c6465..5a2e394c72 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -27,6 +27,123 @@

This document describes the changes made to the SSL application.

+
SSL 9.0.2 + +
Fixed Bugs and Malfunctions + + +

+ Use separate processes for sending and receiving + application data for TLS connections to avoid potential + deadlock that was most likely to occur when using TLS for + Erlang distribution. Note does not change the API.

+

+ Own Id: OTP-15122

+
+ +

+ Correct handling of empty server SNI extension

+

+ Own Id: OTP-15168

+
+ +

+ Correct PSK cipher suite handling and add + selected_cipher_suite to connection information

+

+ Own Id: OTP-15172

+
+ +

+ Adopt to the fact that cipher suite sign restriction are + relaxed in TLS-1.2

+

+ Own Id: OTP-15173

+
+ +

+ Enhance error handling of non existing PEM files

+

+ Own Id: OTP-15174

+
+ +

+ Correct close handling of transport accepted sockets in + the error state

+

+ Own Id: OTP-15216

+
+ +

+ Correct PEM cache to not add references to empty entries + when PEM file does not exist.

+

+ Own Id: OTP-15224

+
+ +

+ Correct handling of all PSK cipher suites

+

+ Before only some PSK suites would be correctly negotiated + and most PSK ciphers suites would fail the connection.

+

+ Own Id: OTP-15285

+
+
+
+ + +
Improvements and New Features + + +

+ TLS will now try to order certificate chains if they + appear to be unordered. That is prior to TLS 1.3, + “certificate_list” ordering was required to be + strict, however some implementations already allowed for + some flexibility. For maximum compatibility, all + implementations SHOULD be prepared to handle potentially + extraneous certificates and arbitrary orderings from any + TLS version.

+

+ Own Id: OTP-12983

+
+ +

+ TLS will now try to reconstructed an incomplete + certificate chains from its local CA-database and use + that data for the certificate path validation. This + especially makes sense for partial chains as then the + peer might not send an intermediate CA as it is + considered the trusted root in that case.

+

+ Own Id: OTP-15060

+
+ +

+ Option keyfile defaults to certfile and should be trumped + with key. This failed for engine keys.

+

+ Own Id: OTP-15193

+
+ +

+ Error message improvement when own certificate has + decoding issues, see also issue ERL-668.

+

+ Own Id: OTP-15234

+
+ +

+ Correct dialyzer spec for key option

+

+ Own Id: OTP-15281

+
+
+
+ +
+
SSL 9.0.1
Fixed Bugs and Malfunctions diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk index 5be527306d..741bdb6df0 100644 --- a/lib/ssl/vsn.mk +++ b/lib/ssl/vsn.mk @@ -1 +1 @@ -SSL_VSN = 9.0.1 +SSL_VSN = 9.0.2 -- cgit v1.2.3
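Review bot: Several added entries in the notes.xml hunk have wording errors that will ship in the published 9.0.2 release notes. In OTP-15122, "Note does not change the API." lacks a subject. In OTP-15173, "Adopt to the fact that cipher suite sign restriction are relaxed" should read "Adapt to the fact that cipher suite sign restrictions are relaxed". In OTP-15060, "TLS will now try to reconstructed an incomplete certificate chains" should read "reconstruct an incomplete certificate chain". Separately, the OTP-15193 entry describes something that failed for engine keys, which is a defect fix, yet it is listed under "Improvements and New Features"; consider moving it to "Fixed Bugs and Malfunctions". OTP-15172 and OTP-15285 both state that PSK cipher suite handling was corrected, so a sentence saying what each one covers would keep readers from treating them as duplicates. OTP-12983 and OTP-15060 both change the certificate chain that path validation works on, so it would help to state in those entries whether the trust decision itself is unchanged.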