This module contains interface functions to the Secure Socket Layer.
The following data types are used in the functions below:
For valid options
see
Options described here are options that are have the same meaning in the client and the server.
The verification fun should be defined as:
fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom() | {revoked, atom()}} |
{extension, #'Extension'{}}, InitialUserState :: term()) ->
{valid, UserState :: term()} | {valid_peer, UserState :: term()} |
{fail, Reason :: term()} | {unknown, UserState :: term()}.
The verify fun will be called during the X509-path
validation when an error or an extension unknown to the ssl
application is encountered. Additionally it will be called
when a certificate is considered valid by the path validation
to allow access to each certificate in the path to the user
application. Note that it will differentiate between the
peer certificate and CA certificates by using valid_peer or
valid as the second argument to the verify fun. See
If the verify callback fun returns {fail, Reason}, the verification process is immediately stopped and an alert is sent to the peer and the TLS/SSL handshake is terminated. If the verify callback fun returns {valid, UserState}, the verification process is continued. If the verify callback fun always returns {valid, UserState}, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. If called with an extension unknown to the user application, the return value {unknown, UserState} should be used.
The default verify_fun option in verify_peer mode:
{fun(_,{bad_cert, _} = Reason, _) ->
{fail, Reason};
(_,{extension, _}, UserState) ->
{unknown, UserState};
(_, valid, UserState) ->
{valid, UserState};
(_, valid_peer, UserState) ->
{valid, UserState}
end, []}
The default verify_fun option in verify_none mode:
{fun(_,{bad_cert, _}, UserState) ->
{valid, UserState};
(_,{extension, _}, UserState) ->
{unknown, UserState};
(_, valid, UserState) ->
{valid, UserState};
(_, valid_peer, UserState) ->
{valid, UserState}
end, []}
Possible path validation errors are given on the form {bad_cert, Reason} where Reason is:
The CA certificates specified for the connection will be used to construct the certificate chain validating the CRLs.
The CRLs will be fetched from a local or external cache
Module defaults to ssl_crl_cache with
The lookup fun should be defined as:
fun(psk, PSKIdentity ::string(), UserState :: term()) ->
{ok, SharedSecret :: binary()} | error;
fun(srp, Username :: string(), UserState :: term()) ->
{ok, {SRPParams :: srp_param_type(), Salt :: binary(), DerivedKey :: binary()}} | error.
For Pre-Shared Key (PSK) cipher suites, the lookup fun will be called by the client and server to determine the shared secret. When called by the client, PSKIdentity will be set to the hint presented by the server or undefined. When called by the server, PSKIdentity is the identity presented by the client.
For Secure Remote Password (SRP), the fun will only be used by the server to obtain
parameters that it will use to generate its session keys.
This option only affects TLS-1.0 connections. If set to false it disables the block cipher padding check to be able to interoperate with legacy software.
Using this option makes TLS vulnerable to the Poodle attack
Options described here are client specific or has a slightly different meaning in the client than in the server.
Indicates the client will try to perform Next Protocol Negotiation.
If precedence is server the negotiated protocol will be the first protocol that appears on the server advertised list that is also on the client preference list.
If precedence is client the negotiated protocol will be the first protocol that appears on the client preference list that is also on the server advertised list.
If the client does not support any of the server advertised protocols or the server does not advertise any protocols the client will fallback to the first protocol in its list or if a default is supplied it will fallback to that instead. If the server does not support Next Protocol Negotiation the connection will be aborted if no default protocol is supplied.
This option can be specified when upgrading a TCP socket to a TLS socket to use the TLS Server Name Indication extension.
When starting a TLS connection without upgrade the Server Name Indication extension will be sent if possible, this option may also be used to disable that behavior.
Send special cipher suite TLS_FALLBACK_SCSV to avoid undesired TLS version downgrade. Defaults to false
Note this option is not needed in normal TLS usage and should not be used to implement new clients. But legacy clients that that retries connections in the following manner
may use it to avoid undesired TLS version downgrade. Note that TLS_FALLBACK_SCSV must also be supported by the server for the prevention to work.
Options described here are server specific or has a slightly different meaning in the server than in the client.
When an ssl socket is in active mode (the default), data from the socket is delivered to the owner of the socket in the form of messages:
A
Returns a list of supported cipher suites. cipher_suites() is equivalent to cipher_suites(erlang). Type openssl is provided for backwards compatibility with old ssl that used openssl. cipher_suites(all) returns all available cipher suites. The cipher suites not present in cipher_suites(erlang) but in included in cipher_suites(all) will not be used unless explicitly configured by the user.
PEM files, used by ssl API-functions, are cached. The cache is regularly checked to see if any cache entries should be invalidated, however this function provides a way to unconditionally clear the whole cache.
Upgrades a gen_tcp, or equivalent, connected socket to an ssl socket i.e. performs the client-side ssl handshake.
Opens an ssl connection to Host, Port.
Close an ssl connection.
Assigns a new controlling process to the ssl-socket. A controlling process is the owner of an ssl-socket, and receives all messages from the socket.
Returns the negotiated protocol version and cipher suite.
Presents the error returned by an ssl function as a printable string.
Get the value of the specified socket options.
Creates an ssl listen socket.
The peer certificate is returned as a DER encoded binary.
The certificate can be decoded with
Returns the address and port number of the peer.
This function receives a packet from a socket in passive
mode. A closed socket is indicated by a return value
The
The optional
Use the pseudo random function (PRF) of a TLS session to generate
additional key material. It either takes user generated values for
This function can only be used with TLS connections,
Initiates a new handshake. A notable return value is
Writes
A notable return value is
Sets options according to
Immediately close a socket in one or two directions.
To be able to handle that the peer has done a shutdown on
the write side, the
Performs the SSL/TLS server-side handshake
If
Note that the listen socket should be in {active, false} mode before telling the client that the server is ready to upgrade by calling this function, otherwise the upgrade may or may not succeed depending on timing.
If
Returns the local address and port number of the socket
Starts the Ssl application. Default type
is temporary.
Stops the Ssl application.
Accepts an incoming connection request on a listen socket.
The socket returned can only be used with
The accepted socket inherits the options set for
The default
value for
Returns version information relevant for the ssl application.
Returns the Next Protocol negotiated.