aboutsummaryrefslogtreecommitdiffstats
path: root/doc/src/manual
diff options
context:
space:
mode:
authorAlexandru Munteanu <[email protected]>2016-10-28 04:45:01 +0200
committerLoïc Hoguin <[email protected]>2016-11-01 23:10:07 +0200
commit4d487ac60c3a4962a8280acfcf265b2523b2d76e (patch)
tree2b0ec6f47aa0afe4cb56e56302aeff80eb451a94 /doc/src/manual
parenteafd62e47eae2bb85b5863440a50cbf346ab05e2 (diff)
downloadranch-4d487ac60c3a4962a8280acfcf265b2523b2d76e.tar.gz
ranch-4d487ac60c3a4962a8280acfcf265b2523b2d76e.tar.bz2
ranch-4d487ac60c3a4962a8280acfcf265b2523b2d76e.zip
Add SSL options for legacy software interoperability
Diffstat (limited to 'doc/src/manual')
-rw-r--r--doc/src/manual/ranch_ssl.asciidoc9
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/src/manual/ranch_ssl.asciidoc b/doc/src/manual/ranch_ssl.asciidoc
index 07b835a..b809ec1 100644
--- a/doc/src/manual/ranch_ssl.asciidoc
+++ b/doc/src/manual/ranch_ssl.asciidoc
@@ -15,6 +15,7 @@ The `ranch_ssl` module implements an SSL Ranch transport.
[source,erlang]
----
ssl_opt() = {alpn_preferred_protocols, [binary()]}
+ | {beast_mitigation, one_n_minus_one | zero_n | disabled}
| {cacertfile, string()}
| {cacerts, [public_key:der_encoded()]}
| {cert, public_key:der_encoded()}
@@ -33,6 +34,7 @@ ssl_opt() = {alpn_preferred_protocols, [binary()]}
| {keyfile, string()}
| {log_alert, boolean()}
| {next_protocols_advertised, [binary()]}
+ | {padding_check, boolean()}
| {partial_chain, fun(([public_key:der_encoded()]) -> {trusted_ca, public_key:der_encoded()} | unknown_ca)}
| {password, string()}
| {psk_identity, string()}
@@ -43,6 +45,7 @@ ssl_opt() = {alpn_preferred_protocols, [binary()]}
| {sni_fun, fun()}
| {sni_hosts, [{string(), ssl_opt()}]}
| {user_lookup_fun, {fun(), any()}}
+ | {v2_hello_compatible, boolean()}
| {verify, ssl:verify_type()}
| {verify_fun, {fun(), any()}}
| {versions, [atom()]}.
@@ -67,6 +70,8 @@ The default value is given next to the option name.
alpn_preferred_protocols::
Perform Application-Layer Protocol Negotiation with the given list of preferred protocols.
+beast_mitigation::
+ Change the BEAST mitigation strategy for SSL-3.0 and TLS-1.0 to interoperate with legacy software.
cacertfile::
Path to PEM encoded trusted certificates file used to verify peer certificates.
cacerts::
@@ -105,6 +110,8 @@ next_protocols_advertised::
List of protocols to send to the client if it supports the Next Protocol extension.
nodelay (true)::
Whether to enable TCP_NODELAY.
+padding_check::
+ Allow disabling the block cipher padding check for TLS-1.0 to be able to interoperate with legacy software.
partial_chain::
Claim an intermediate CA in the chain as trusted.
password::
@@ -125,6 +132,8 @@ sni_hosts::
Options to apply for the host that matches what the client requested with Server Name Indication.
user_lookup_fun::
Function called to determine the shared secret when using PSK, or provide parameters when using SRP.
+v2_hello_compatible::
+ Accept clients that send hello messages in SSL-2.0 format while offering supported SSL/TLS versions.
verify (verify_none)::
Use `verify_peer` to request a certificate from the client.
verify_fun::