Update ranch_ssl:ssl_opt() to conform with OTP 22 ssl

1 files changed, 53 insertions, 23 deletions

diff --git a/doc/src/manual/ranch_ssl.asciidoc b/doc/src/manual/ranch_ssl.asciidoc
index 3a4a146..00f6fad 100644
--- a/doc/src/manual/ranch_ssl.asciidoc
+++ b/doc/src/manual/ranch_ssl.asciidoc
@@ -41,41 +41,44 @@ List of listen options.
 ----
 ssl_opt() = {alpn_preferred_protocols, [binary()]}
           | {beast_mitigation, one_n_minus_one | zero_n | disabled}
-          | {cacertfile, string()}
+          | {cacertfile, file:filename()}
           | {cacerts, [public_key:der_encoded()]}
           | {cert, public_key:der_encoded()}
-          | {certfile, string()}
-          | {ciphers, [ssl:erl_cipher_suite()] | string()}
+          | {certfile, file:filename()}
+          | {ciphers, ssl:ciphers()}
           | {client_renegotiation, boolean()}
-          | {crl_cache, {module(), {internal | any(), list()}}}
+          | {crl_cache, [any()]}
           | {crl_check, boolean() | peer | best_effort}
-          | {depth, 0..255}
-          | {dh, public_key:der_encoded()}
-          | {dhfile, string()}
+          | {depth, integer()}
+          | {dh, binary()}
+          | {dhfile, file:filename()}
+          | {eccs, [atom()]}
           | {fail_if_no_peer_cert, boolean()}
-          | {hibernate_after, integer() | undefined}
+          | {hibernate_after, timeout()}
           | {honor_cipher_order, boolean()}
-          | {key, {'RSAPrivateKey' | 'DSAPrivateKey' | 'PrivateKeyInfo',
-                public_key:der_encoded()}}
-          | {keyfile, string()}
+          | {honor_ecc_order, boolean()}
+          | {key, ssl:key()}
+          | {keyfile, file:filename()}
           | {log_alert, boolean()}
+          | {log_level, logger:level()}
+          | {max_handshake_size, integer()}
           | {next_protocols_advertised, [binary()]}
           | {padding_check, boolean()}
-          | {partial_chain, fun(([public_key:der_encoded()])
-                -> {trusted_ca, public_key:der_encoded()} | unknown_ca)}
+          | {partial_chain, fun()}
           | {password, string()}
+          | {protocol, tls | dtls}
           | {psk_identity, string()}
           | {reuse_session, fun()}
           | {reuse_sessions, boolean()}
           | {secure_renegotiate, boolean()}
-          | {signature_algs, [{atom(), atom()}]}
+          | {signature_algs, [{ssl:hash(), ssl:sign_algo()}]}
+          | {signature_algs_cert, [atom()]}
           | {sni_fun, fun()}
           | {sni_hosts, [{string(), ssl_opt()}]}
           | {user_lookup_fun, {fun(), any()}}
-          | {v2_hello_compatible, boolean()}
-          | {verify, ssl:verify_type()}
+          | {verify, verify_none | verify_peer}
           | {verify_fun, {fun(), any()}}
-          | {versions, [atom()]}
+          | {versions, [ssl:protocol_version()]}
 ----
 
 SSL-specific listen options.
@@ -91,7 +94,7 @@ alpn_preferred_protocols::
 Perform Application-Layer Protocol Negotiation
 with the given list of preferred protocols.
 
-beast_mitigation::
+beast_mitigation (one_n_minus_one)::
 
 Change the BEAST mitigation strategy for SSL-3.0 and TLS-1.0
 to interoperate with legacy software.
@@ -144,6 +147,10 @@ dhfile::
 
 Path to the PEM encoded Diffie-Hellman parameters file.
 
+eccs::
+
+List of named ECC curves.
+
 fail_if_no_peer_cert (false)::
 
 Whether to refuse the connection if the client sends an
@@ -159,6 +166,11 @@ honor_cipher_order (false)::
 If true, use the server's preference for cipher selection.
 If false, use the client's preference.
 
+honor_ecc_order (false)::
+
+If true, use the server's preference for ECC curve selection.
+If false, use the client's preference.
+
 key::
 
 DER encoded user private key.
@@ -172,6 +184,15 @@ log_alert (true)::
 
 If false, error reports will not be displayed.
 
+log_level::
+
+Specifies the log level for TLS/DTLS.
+
+max_handshake_size (256*1024)::
+
+Used to limit the size of valid TLS handshake packets to
+avoid DoS attacks.
+
 next_protocols_advertised::
 
 List of protocols to send to the client if it supports the
@@ -190,6 +211,10 @@ password::
 
 Password to the private key file, if password protected.
 
+protocol (tls)::
+
+Choose TLS or DTLS protocol for the transport layer security.
+
 psk_identity::
 
 Provide the given PSK identity hint to the client during the
@@ -214,6 +239,12 @@ The TLS signature algorithm extension may be used, from TLS 1.2,
 to negotiate which signature algorithm to use during the TLS
 handshake.
 
+signature_algs_cert::
+
+List of signature schemes for the signature_algs_cert extension
+introduced in TLS 1.3, in order to make special requirements
+on signatures used in certificates.
+
 sni_fun::
 
 Function called when the client requests a host using Server
@@ -229,11 +260,6 @@ user_lookup_fun::
 Function called to determine the shared secret when using PSK,
 or provide parameters when using SRP.
 
-v2_hello_compatible::
-
-Accept clients that send hello messages in SSL-2.0 format while
-offering supported SSL/TLS versions.
-
 verify (verify_none)::
 
 Use `verify_peer` to request a certificate from the client.
@@ -254,6 +280,10 @@ greater control over the client certificate validation.
 
 The options `sni_fun` and `sni_hosts` are mutually exclusive.
 
+== Changelog
+
+* *2.0*: The `ssl_opt()` type was updated for OTP-22.0.
+
 == See also
 
 link:man:ranch(7)[ranch(7)],