aboutsummaryrefslogtreecommitdiffstats
path: root/doc/src/manual
diff options
context:
space:
mode:
Diffstat (limited to 'doc/src/manual')
-rw-r--r--doc/src/manual/ranch_ssl.asciidoc9
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/src/manual/ranch_ssl.asciidoc b/doc/src/manual/ranch_ssl.asciidoc
index 07b835a..b809ec1 100644
--- a/doc/src/manual/ranch_ssl.asciidoc
+++ b/doc/src/manual/ranch_ssl.asciidoc
@@ -15,6 +15,7 @@ The `ranch_ssl` module implements an SSL Ranch transport.
[source,erlang]
----
ssl_opt() = {alpn_preferred_protocols, [binary()]}
+ | {beast_mitigation, one_n_minus_one | zero_n | disabled}
| {cacertfile, string()}
| {cacerts, [public_key:der_encoded()]}
| {cert, public_key:der_encoded()}
@@ -33,6 +34,7 @@ ssl_opt() = {alpn_preferred_protocols, [binary()]}
| {keyfile, string()}
| {log_alert, boolean()}
| {next_protocols_advertised, [binary()]}
+ | {padding_check, boolean()}
| {partial_chain, fun(([public_key:der_encoded()]) -> {trusted_ca, public_key:der_encoded()} | unknown_ca)}
| {password, string()}
| {psk_identity, string()}
@@ -43,6 +45,7 @@ ssl_opt() = {alpn_preferred_protocols, [binary()]}
| {sni_fun, fun()}
| {sni_hosts, [{string(), ssl_opt()}]}
| {user_lookup_fun, {fun(), any()}}
+ | {v2_hello_compatible, boolean()}
| {verify, ssl:verify_type()}
| {verify_fun, {fun(), any()}}
| {versions, [atom()]}.
@@ -67,6 +70,8 @@ The default value is given next to the option name.
alpn_preferred_protocols::
Perform Application-Layer Protocol Negotiation with the given list of preferred protocols.
+beast_mitigation::
+ Change the BEAST mitigation strategy for SSL-3.0 and TLS-1.0 to interoperate with legacy software.
cacertfile::
Path to PEM encoded trusted certificates file used to verify peer certificates.
cacerts::
@@ -105,6 +110,8 @@ next_protocols_advertised::
List of protocols to send to the client if it supports the Next Protocol extension.
nodelay (true)::
Whether to enable TCP_NODELAY.
+padding_check::
+ Allow disabling the block cipher padding check for TLS-1.0 to be able to interoperate with legacy software.
partial_chain::
Claim an intermediate CA in the chain as trusted.
password::
@@ -125,6 +132,8 @@ sni_hosts::
Options to apply for the host that matches what the client requested with Server Name Indication.
user_lookup_fun::
Function called to determine the shared secret when using PSK, or provide parameters when using SRP.
+v2_hello_compatible::
+ Accept clients that send hello messages in SSL-2.0 format while offering supported SSL/TLS versions.
verify (verify_none)::
Use `verify_peer` to request a certificate from the client.
verify_fun::