1ssl(7)                   Erlang Application Definition                  ssl(7)
2
3
4

NAME

6       ssl - The ssl application provides secure communication over
7         sockets.
8

DESCRIPTION

10       The  ssl application is an implementation of the SSL, TLS and DTLS pro‐
11       tocols in Erlang.
12
13       For current statement of standards compliance see the User's Guide.
14

DEPENDENCIES

16       The SSL application uses the public_key, asn1 and Crypto application to
17       handle  public  keys  and  encryption, hence these applications must be
18       loaded for the SSL application to work. In an embedded environment this
19       means  they must be started with application:start/[1,2] before the SSL
20       application is started.
21

CONFIGURATION

23       The application environment configuration parameters  in  this  section
24       are defined for the SSL application. For more information about config‐
25       uration parameters, see the application(3) manual page in Kernel.
26
27       The environment parameters can be set on the command line, for example:
28
29       erl -ssl protocol_version "['tlsv1.2', 'tlsv1.1']"
30
31         protocol_version = ssl:ssl_tls_protocol()<optional>:
32           Protocol supported by started clients and servers. If  this  option
33           is not set, it defaults to all TLS protocols currently supported by
34           the SSL application. This option can be overridden by  the  version
35           option to ssl:connect/[2,3] and ssl:listen/2.
36
37         dtls_protocol_version = ssl:dtls_protocol()<optional>:
38           Protocol  supported  by started clients and servers. If this option
39           is not set, it defaults to all DTLS protocols  currently  supported
40           by  the  SSL application. This option can be overridden by the ver‐
41           sion option to ssl:connect/[2,3] and ssl:listen/2.
42
43         session_lifetime = integer() <optional>:
44           Maximum lifetime of the session data in  seconds.  Defaults  to  24
45           hours  which  is the maximum recommended lifetime by RFC 5246. How‐
46           ever sessions may be invalidated earlier due to the maximum limita‐
47           tion of the session cache table.
48
49         session_cb = atom() <optional>:
50           Name  of  the  session  cache  callback  module that implements the
51           ssl_session_cache_api behavior. Defaults to ssl_session_cache.
52
53         session_cb_init_args = proplist:proplist() <optional>:
54           List of extra user-defined arguments to the init  function  in  the
55           session cache callback module. Defaults to [].
56
57         session_cache_client_max = integer() <optional>
58           :  Limits the growth of the clients session cache, that is how many
59           sessions towards servers that are cached to be used by  new  client
60           connections. If the maximum number of sessions is reached, the cur‐
61           rent cache entries will be invalidated regardless of their  remain‐
62           ing  lifetime. Defaults to 1000. Recommended ssl-8.2.1 or later for
63           this option to work as intended.
64
65         session_cache_server_max = integer() <optional>:
66           Limits the growth of the servers session cache, that  is  how  many
67           client  sessions are cached by the server. If the maximum number of
68           sessions is reached, the current cache entries will be  invalidated
69           regardless  of  their  remaining lifetime. Defaults to 1000. Recom‐
70           mended ssl-8.2.1 or later for this option to work as intended.
71
72         ssl_pem_cache_clean = integer() <optional>:
73           Number of milliseconds between PEM cache validations. Defaults to 2
74           minutes.ssl:clear_pem_cache/0
75
76         bypass_pem_cache = boolean() <optional>:
77           Introduced  in  ssl-8.0.2. Disables the PEM-cache. Can be used as a
78           workaround for the PEM-cache bottleneck before ssl-8.1.1.  Defaults
79           to false.
80
81         alert_timeout = integer() <optional>:
82           Number of milliseconds between sending of a fatal alert and closing
83           the connection. Waiting a little while improves the  peers  chances
84           to  properly  receiving  the  alert  so it may shutdown gracefully.
85           Defaults to 5000 milliseconds.
86
87         internal_active_n = integer() <optional>:
88           For TLS connections this value  is  used  to  handle  the  internal
89           socket. As the implementation was changed from an active once to an
90           active N behavior (N = 100), for performance reasons,  this  option
91           exist  for  possible  tweaking  or  restoring  of  the old behavior
92           (internal_active_n = 1) in unforeseen scenarios.  The  option  will
93           not  affect  erlang  distribution  over TLS that will always run in
94           active N mode. Added in ssl-9.1 (OTP-21.2).
95

ERROR LOGGER AND EVENT HANDLERS

97       The SSL application uses the default OTP error logger to log unexpected
98       errors  and  TLS/DTLS  alerts.  The  logging  of TLS/DTLS alerts may be
99       turned off with the log_alert option.
100

SEE ALSO

102       application(3)
103
104
105
106Ericsson AB                         ssl 9.4                             ssl(7)
Impressum