diff options
Diffstat (limited to 'lib/ssl/doc/src/ssl.xml')
| -rw-r--r-- | lib/ssl/doc/src/ssl.xml | 64 |
1 files changed, 58 insertions, 6 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 700709ed7a..b4a30a68c8 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -477,12 +477,10 @@ {sha384, ecdsa}, {sha384, rsa}, {sha256, ecdsa}, -{sha256, rsa}, -{sha224, ecdsa}, -{sha224, rsa} +{sha256, rsa} ]</code> -<p>Support for {md5, rsa} was removed from the the TLS-1.2 default in ssl-8.0 (OTP-22) and support for SHA1 {sha, _} was removed in ssl-11.0 (OTP-26) </p> +<p>Support for {md5, rsa} was removed from the the TLS-1.2 default in ssl-8.0 (OTP-22) and support for SHA1 {sha, _} and SHA224 {sha224, _} was removed in ssl-11.0 (OTP-26) </p> <p><c> rsa_pss_schemes =</c></p> <code> @@ -521,10 +519,10 @@ rsa_pss_schemes() <p>EDDSA was made highest priority in ssl-10.8 (OTP-25) </p> <p>TLS-1.3 default is</p> -<code>Default_TLS_13_Schemes ++ Legacy_TLS_13_Schemes </code> +<code>Default_TLS_13_Schemes</code> <p>If both TLS-1.3 and TLS-1.2 are supported the default will be</p> -<code>Default_TLS_13_Schemes ++ Default_TLS_12_Alg_Pairs </code> +<code>Default_TLS_13_Schemes ++ TLS_13_Legacy_Schemes ++ Default_TLS_12_Alg_Pairs (not represented in TLS_13_Legacy_Schemes) </code> <p>so appropriate algorithms can be chosen for the negotiated version. @@ -2175,6 +2173,60 @@ fun(srp, Username :: binary(), UserState :: term()) -> is useful.</p> </desc> </func> + + <func> + <name since="OTP @OTP-18572@" name="signature_algs" arity="2" /> + <fsummary>Returns a list of signature algorithms/schemes </fsummary> + <desc> + <p>Lists all possible signature algorithms corresponding to + <c>Description</c> that are available. The + <c>exclusive</c> option will exclusively list + algorithms/schemes for that protocol version, whereas the + <c>default</c> and <c>all</c> options lists the combined list to support the + range of protocols from (D)TLS-1.2, the first version to support + configuration of the signature algorithms, to <c>Version</c>.</p> + + <p> Example: <c> + + 1> ssl:signature_algs(default, 'tlsv1.3'). + [eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512, + ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256, + rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256, + rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256, + rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256, + {sha512,ecdsa}, + {sha384,ecdsa}, + {sha256,ecdsa}] + + 2>ssl:signature_algs(all, 'tlsv1.3'). + [eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512, + ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256, + rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256, + rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256, + rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256, + {sha512,ecdsa}, + {sha384,ecdsa}, + {sha256,ecdsa}, + {sha224,ecdsa}, + {sha224,rsa}, + {sha,rsa}, + {sha,dsa}] + + 3> ssl:signature_algs(exclusive, 'tlsv1.3'). + [eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512, + ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256, + rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256, + rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256] + </c></p> + + <note><p>Some TLS-1-3 scheme names overlap with TLS-1.2 + algorithm-tuple-pair-names and then TLS-1.3 names will be + used, for example <c>rsa_pkcs1_sha256</c> instead of + <c>{sha256, rsa}</c> these are legacy algorithms in TLS-1.3 + that apply only to certificate signatures in this version of + the protocol.</p></note> + </desc> + </func> <func> <name since="" name="sockname" arity="1" /> |