ssl(7)                   Erlang Application Definition                  ssl(7)


NAME

       ssl - The ssl application provides secure communication over
       sockets.


DESCRIPTION

       The ssl application is an implementation of the SSL/TLS protocol in
       Erlang.

         * Supported SSL/TLS versions are SSL-3.0, TLS-1.0, TLS-1.1, and
           TLS-1.2.

         * For security reasons SSL-2.0 is not supported.

         * For security reasons SSL-3.0 is no longer supported by default,
           but can be enabled through the versions connection option or
           the protocol_version environment parameter.

         * For security reasons DES cipher suites are no longer supported
           by default, but can be enabled through the ciphers connection
           option.

         * Renegotiation Indication Extension RFC 5746 is supported.

         * Ephemeral Diffie-Hellman cipher suites are supported, but not
           Diffie-Hellman certificate cipher suites.

         * Elliptic Curve cipher suites are supported if the Crypto
           application supports it and named curves are used.

         * Export cipher suites are not supported, as the U.S. lifted its
           export restrictions in early 2000.

         * IDEA cipher suites are not supported, as they have been
           deprecated by the latest TLS specification, so there is no
           motivation to implement them.

         * Compression is not supported.

         * CRL validation is supported.

         * Policy certificate extensions are not supported.

         * 'Server Name Indication' extension (RFC 6066) is supported.

         * Application Layer Protocol Negotiation (ALPN) and its
           predecessor Next Protocol Negotiation (NPN) are supported.

         * It is possible to use Pre-Shared Key (PSK) and Secure Remote
           Password (SRP) cipher suites, but they are not enabled by
           default.

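       The module below is an added example and not code from the ssl
       application; it turns the feature list above into concrete
       connection options: TLS 1.1/1.2 only (SSL 3.0 stays off), forward
       secret suites with DES, 3DES, RC4 and NULL filtered out of the
       application's own default list, RFC 5746 secure renegotiation
       required, SNI, ALPN and CRL checking, plus a probe that reports
       what a live peer actually negotiated. The module name tls_opts, the
       ALPN identifiers h2 and http/1.1, the named-curve list, the 5000 ms
       CRL fetch timeout and the caller-supplied CA bundle, certificate
       and key paths are assumptions of the example; the option names and
       the {KeyExchange, Cipher, Mac[, Prf]} suite tuples are the ssl 8.2
       Erlang-format ones.

```erlang
%% tls_opts.erl -- added example, not part of the OTP ssl application.
%% Turns the feature list above into connection options: TLS 1.1/1.2 only
%% (SSL 3.0 stays off), forward-secret suites without DES/3DES/RC4/NULL,
%% RFC 5746 secure renegotiation required, SNI, ALPN and CRL checking.
%% The CA bundle, certificate and key paths are caller-supplied.
-module(tls_opts).
-export([strong_suite/1, strong_suites/0, client/2, server/2, probe/3]).

-define(VERSIONS, ['tlsv1.2', 'tlsv1.1']).
-define(ALPN, [<<"h2">>, <<"http/1.1">>]).   % assumed protocol preference

%% Suites come from ssl:cipher_suites/0 in Erlang format, either
%% {KeyExchange, Cipher, Mac} or {KeyExchange, Cipher, Mac, Prf}. AEAD
%% suites (GCM, ChaCha20-Poly1305) carry Mac = null, so the MAC field is
%% only used to reject MD5, never null.
strong_suite({Kex, Cipher, Mac}) ->
    strong_suite({Kex, Cipher, Mac, default});
strong_suite({Kex, Cipher, Mac, _Prf}) ->
    %% ephemeral (EC)DH with RSA/ECDSA authentication only: forward
    %% secrecy, and no anonymous, static-RSA, PSK or SRP exchanges
    lists:member(Kex, [ecdhe_ecdsa, ecdhe_rsa, dhe_rsa])
    %% DES (off by default anyway), 3DES, RC4 and NULL bulk ciphers out
    andalso not lists:member(Cipher, [des_cbc, '3des_ede_cbc', rc4_128, null])
    andalso Mac =/= md5;
strong_suite(_) ->
    false.

%% Filter the application's own default list rather than hand-writing
%% suites, so new AEAD suites offered by a newer crypto are picked up.
strong_suites() ->
    [Suite || Suite <- ssl:cipher_suites(), strong_suite(Suite)].

%% Client side. Host is a string (SNI needs the name, not the address).
client(Host, CaFile) when is_list(Host), is_list(CaFile) ->
    [{versions, ?VERSIONS},
     {ciphers, strong_suites()},
     {secure_renegotiate, true},             % reject peers lacking RFC 5746
     {server_name_indication, Host},         % RFC 6066
     {alpn_advertised_protocols, ?ALPN},
     {verify, verify_peer},
     {cacertfile, CaFile},
     {depth, 3},
     {crl_check, true},                      % fail closed if a CRL is unavailable
     {crl_cache, {ssl_crl_cache, {internal, [{http, 5000}]}}}].

%% Server side. honor_cipher_order makes the server's (filtered) order win
%% over whatever the client proposes; eccs restricts ECDHE to named curves.
server(CertFile, KeyFile) ->
    [{versions, ?VERSIONS},
     {ciphers, strong_suites()},
     {honor_cipher_order, true},
     {secure_renegotiate, true},
     {eccs, [secp384r1, secp256r1]},         % assumed curve preference
     {alpn_preferred_protocols, ?ALPN},
     {certfile, CertFile},
     {keyfile, KeyFile},
     {reuse_sessions, true}].

%% Connect once and report what was actually negotiated, so the options
%% can be verified against a live endpoint rather than trusted on paper.
probe(Host, Port, CaFile) ->
    ok = ssl:start(),                        % also starts crypto and public_key
    {ok, Sock} = ssl:connect(Host, Port, client(Host, CaFile), 5000),
    {ok, Info} = ssl:connection_information(Sock, [protocol, cipher_suite]),
    ok = ssl:close(Sock),
    Info.
```

       tls_opts:probe("example.org", 443, "/path/to/ca-bundle.pem")
       returns the protocol and cipher_suite the server settled on; a
       result showing anything outside ?VERSIONS or strong_suites() means
       the options were not applied. crl_check is set to true rather than
       best_effort on purpose: a CRL that cannot be fetched is treated as
       a failure, which is the conservative choice for a client that
       pins its trust to the supplied CA bundle.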

DEPENDENCIES

       The SSL application uses the public_key and Crypto applications to
       handle public keys and encryption, hence these applications must be
       loaded for the SSL application to work. In an embedded environment
       this means they must be started with application:start/[1,2] before
       the SSL application is started; application:ensure_all_started(ssl)
       starts them in the required order.


CONFIGURATION

       The application environment configuration parameters in this section
       are defined for the SSL application. For more information about
       configuration parameters, see the application(3) manual page in
       Kernel.

       The environment parameters can be set on the command line, for
       example:

       erl -ssl protocol_version "['tlsv1.2', 'tlsv1.1']"

         protocol_version = ssl:protocol() <optional>:
           Protocol versions supported by started clients and servers. If
           this option is not set, it defaults to all protocols currently
           supported by the SSL application. This option can be overridden
           by the versions option to ssl:connect/[2,3] and ssl:listen/2.

         session_lifetime = integer() <optional>:
           Maximum lifetime of the session data in seconds. Defaults to 24
           hours, which is the maximum lifetime recommended by RFC 5246.
           However, sessions may be invalidated earlier due to the maximum
           size limitation of the session cache table.

         session_cb = atom() <optional>:
           Name of the session cache callback module that implements the
           ssl_session_cache_api behavior. Defaults to ssl_session_cache.

         session_cb_init_args = proplists:proplist() <optional>:
           List of extra user-defined arguments to the init function in the
           session cache callback module. Defaults to [].

         session_cache_client_max = integer() <optional>:
           Limits the growth of the client's session cache, that is, how
           many sessions towards servers are cached to be reused by new
           client connections. If the maximum number of sessions is
           reached, the current cache entries are invalidated regardless of
           their remaining lifetime. Defaults to 1000.

         session_cache_server_max = integer() <optional>:
           Limits the growth of the server's session cache, that is, how
           many client sessions are cached by the server. If the maximum
           number of sessions is reached, the current cache entries are
           invalidated regardless of their remaining lifetime. Defaults to
           1000.

         ssl_pem_cache_clean = integer() <optional>:
           Number of milliseconds between PEM cache validations. Defaults
           to 2 minutes. See also ssl:clear_pem_cache/0.

         bypass_pem_cache = boolean() <optional>:
           Introduced in ssl-8.0.2. Disables the PEM cache. The PEM cache
           has proven to be a bottleneck; until the implementation has been
           improved, this can be used as a workaround. Defaults to false.

         alert_timeout = integer() <optional>:
           Number of milliseconds between sending a fatal alert and closing
           the connection. Waiting a little while improves the peer's
           chances of receiving the alert properly so that it can shut down
           gracefully. Defaults to 5000 milliseconds.

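       As an added example that is not part of OTP, the parameters above
       in sys.config form (the file equivalent of the erl -ssl command
       line) together with a small start-up audit: it reads the version
       list that protocol_version actually produced, via the supported
       entry of ssl:versions(), and the configured session_lifetime, and
       flags an SSL 3.0 entry, a missing TLS 1.2 or a lifetime beyond the
       24-hour RFC 5246 ceiling. The module name ssl_env_audit, its
       finding tags and the specific values in the sys.config fragment
       are assumptions of the example.

```erlang
%% ssl_env_audit.erl -- added example, not part of OTP. Gives the sys.config
%% form of the parameters above and a start-up check that the effective
%% settings neither re-enable SSL 3.0 nor exceed the RFC 5246 lifetime.
%%
%% sys.config, the file form of
%%   erl -ssl protocol_version "['tlsv1.2', 'tlsv1.1']"
%% loaded with `erl -config sys` (values below are illustrative):
%%
%%   [{ssl, [{protocol_version,         ['tlsv1.2', 'tlsv1.1']},
%%           {session_lifetime,         3600},   % 1 h; 86400 (24 h) is the ceiling
%%           {session_cache_client_max, 1000},
%%           {session_cache_server_max, 5000},   % a full cache is flushed, not trimmed
%%           {ssl_pem_cache_clean,      120000}, % 2 min, in milliseconds
%%           {alert_timeout,            5000}]}].
-module(ssl_env_audit).
-export([check/0, check/2]).

%% 24 h in seconds, the maximum session lifetime RFC 5246 recommends.
-define(MAX_LIFETIME, 86400).

%% Audit the running node. The `supported` entry of ssl:versions() is the
%% version list protocol_version actually produced, so it catches a value
%% set on the command line as well as one from sys.config.
check() ->
    ok = ssl:start(),
    Supported = proplists:get_value(supported, ssl:versions()),
    Lifetime  = application:get_env(ssl, session_lifetime, ?MAX_LIFETIME),
    check(Supported, Lifetime).

%% Pure form over a constructed (Versions, LifetimeSeconds) pair; returns a
%% list of findings, [] when the settings are acceptable.
check(Versions, Lifetime) ->
    version_findings(Versions) ++ lifetime_findings(Lifetime).

version_findings(Versions) when is_list(Versions) ->
    [{weak_protocol, V} || V <- Versions, V =:= sslv3]
    ++ [{missing_tls12, Versions} || not lists:member('tlsv1.2', Versions)];
version_findings(Other) ->
    [{bad_protocol_version, Other}].

lifetime_findings(Secs) when is_integer(Secs), Secs > ?MAX_LIFETIME ->
    [{session_lifetime_too_long, Secs}];
lifetime_findings(Secs) when is_integer(Secs), Secs > 0 ->
    [];
lifetime_findings(Other) ->
    [{bad_session_lifetime, Other}].
```

       ssl_env_audit:check/0 is meant to run from the application's start
       callback so a node with a weakened environment refuses to come up
       quietly; check/2 takes a constructed pair such as
       (['tlsv1.2', sslv3], 172800) and flags both the SSL 3.0 entry and
       the over-long lifetime without needing a running ssl application.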

ERROR LOGGER AND EVENT HANDLERS

       The SSL application uses the default OTP error logger to log
       unexpected errors and TLS alerts. The logging of TLS alerts may be
       turned off with the log_alert option.


SEE ALSO

       application(3)



Ericsson AB                       ssl 8.2.6.4                           ssl(7)