author Erlang/OTP <otp@erlang.org> 2023-05-15 12:36:07 +0200
committer Erlang/OTP <otp@erlang.org> 2023-05-15 12:36:07 +0200
commit 2f361f653d649d002a26d1d2a5c8c3efd1303832 (patch)
tree a1ed8c18d01f94f53ed73d7f12a7de8aaa71aac6 /lib/ssl/doc/src/notes.xml
parent 47dc52e1189de34f148ca389a7810800a1d9240c (diff)
Prepare release
Diffstat (limited to 'lib/ssl/doc/src/notes.xml')
-rw-r--r-- lib/ssl/doc/src/notes.xml 202
1 files changed, 202 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 911055d742..5b767d2d01 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -27,6 +27,208 @@
</header>
<p>This document describes the changes made to the SSL application.</p>
+<section><title>SSL 11.0</title>
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Remove less that 256 bit ECC from default supported ECC
+ pre TLS-1.3</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-14771</p>
+ </item>
+ <item>
+ <p>
+ Improved error checking and handling of ssl options.</p>
+ <p>
+ Own Id: OTP-15903</p>
+ </item>
+ <item>
+ <p>
+ With this change, stateless tickets generated by server
+ with anti_replay option enabled can be used for creating
+ ClientHello throughout ticket lifetime. Without this
+ change, usability was limited to WindowSize number of
+ seconds configured for anti_replay option.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-18168 Aux Id: PR-6019, GH-6014 </p>
+ </item>
+ <item>
+ <p> Support for Kernel TLS (kTLS), has been added to the
+ SSL application, for TLS distribution (<c>-proto_dist
+ inet_tls</c>), the SSL option <c>{ktls, true}</c>. Using
+ this for general SSL sockets is uncomfortable,
+ undocumented and not recommended since it requires very
+ platform dependent raw options. </p><p> This, for now,
+ only works for some not too old Linux distributions.
+ Roughly, a kernel 5.2.0 or later with support for
+ UserLand Protocols and the kernel module <c>tls</c> is
+ required. </p>
+ <p>
+ Own Id: OTP-18235 Aux Id: PR-6104, PR-5840 </p>
+ </item>
+ <item>
+ <p>
+ With this change, TLS 1.3 server can be configured to
+ include client certificate in session ticket.</p>
+ <p>
+ Own Id: OTP-18253</p>
+ </item>
+ <item>
+ <p>
+ With this change, it is possible to configure encryption
+ seed to be used with TLS1.3 stateless tickets. This
+ enables using tickets on different server instances.</p>
+ <p>
+ Own Id: OTP-18254 Aux Id: PR-5982 </p>
+ </item>
+ <item>
+ <p>
+ Debugging enhancements.</p>
+ <p>
+ Own Id: OTP-18312</p>
+ </item>
+ <item>
+ <p>
+ With this change, maybe keyword atom is not used as
+ function name in ssl code.</p>
+ <p>
+ Own Id: OTP-18335</p>
+ </item>
+ <item>
+ <p>
+ Replace size/1 with either tuple_size/1 or byte_size/1</p>
+ <p>
+ The <c>size/1</c> BIF is not optimized by the JIT, and
+ its use can result in worse types for Dialyzer.</p>
+ <p>
+ When one knows that the value being tested must be a
+ tuple, <c>tuple_size/1</c> should always be preferred.</p>
+ <p>
+ When one knows that the value being tested must be a
+ binary, <c>byte_size/1</c> should be preferred. However,
+ <c>byte_size/1</c> also accepts a bitstring (rounding up
+ size to a whole number of bytes), so one must make sure
+ that the call to <c>byte_size/</c> is preceded by a call
+ to <c>is_binary/1</c> to ensure that bitstrings are
+ rejected. Note that the compiler removes redundant calls
+ to <c>is_binary/1</c>, so if one is not sure whether
+ previous code had made sure that the argument is a
+ binary, it does not harm to add an <c>is_binary/1</c>
+ test immediately before the call to <c>byte_size/1</c>.</p>
+ <p>
+ Own Id: OTP-18405 Aux Id:
+ GH-6672,PR-6702,PR-6768,PR-6700,PR-6769,PR-6812,PR-6814 </p>
+ </item>
+ <item>
+ <p>
+ For security reasons remove support for SHA1 and DSA
+ algorithms from default values.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-18438 Aux Id: GH-6679 </p>
+ </item>
+ <item>
+ <p>
+ Mitigate memory usage from large certificate chains by
+ lowering the maximum handshake size. This should not
+ effect the common cases, if needed it can be configured
+ to a higher value.</p>
+ <p>
+ Own Id: OTP-18453</p>
+ </item>
+ <item>
+ <p>
+ Change the client default verify option to verify_peer.
+ Note that this makes it mandatory to also supply trusted
+ CA certificates or explicitly set verify to verify_none.
+ This also applies when using the so called anonymous test
+ cipher suites defined in TLS versions pre TLS-1.3.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-18455 Aux Id: GH-5899 </p>
+ </item>
+ <item>
+ <p>
+ Erlang distribution code in Kernel and SSL has been
+ refactored a bit to facilitate debugging and
+ re-usability, which shouldn't have any noticeable effects
+ on behaviour or performance.</p>
+ <p>
+ Own Id: OTP-18456</p>
+ </item>
+ <item>
+ <p>
+ Add encoding and decoding of use_srtp hello extension to
+ facilitate for DTLS users to implement SRTP
+ functionality.</p>
+ <p>
+ Own Id: OTP-18459</p>
+ </item>
+ <item>
+ <p>
+ Refactors the (<c>ssl</c> application to use macros for
+ TLS and DTLS versions instead of hard-coded tuple
+ numbers. This change improves the maintainability of
+ <c>ssl</c></p>
+ <p>
+ Own Id: OTP-18465 Aux Id: GH-7065 </p>
+ </item>
+ <item>
+ <p>
+ If the function ssl:renegotiate/1 is called on connection
+ that is running TLS-1.3 return an error instead of
+ hanging or timing out.</p>
+ <p>
+ Own Id: OTP-18507</p>
+ </item>
+ <item>
+ <p>
+ If a user cancel alert with level warning is received
+ during handshake make it be handled the same regardless
+ of TLS version. If it is received in connection in
+ TLS-1.3 regard it as an error as it is inappropriate.</p>
+ <p>
+ In TLS-1.3 all error alerts are considered FATAL
+ regardless of legacy alert type. But make sure legacy
+ type is printed in logs to not confuse users that are
+ expecting the same legacy type as sent by peer.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-18531</p>
+ </item>
+ <item>
+ <p>
+ Make <c>fail_if_no_peer_cert</c> default true if
+ verify_peer is set on the server, otherwise the server
+ will accept the connection if verify_peer is set and the
+ user have forgot to set the fail_if_no_peer_cert and the
+ client did not send a certificate.</p>
+ <p>
+ Own Id: OTP-18567</p>
+ </item>
+ <item>
+ <p>
+ To make it easier to configure signature algorithms with
+ algorithms that are moved from the default add the API
+ function signature_algs/2 that lists possible values.
+ Also make sha224 a non default value.</p>
+ <p>
+ Own Id: OTP-18572</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
<section><title>SSL 10.9.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
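Review bot: The OTP-18567 item makes <c>fail_if_no_peer_cert</c> default to true when verify_peer is set on the server, which turns a previously accepted handshake (client sends no certificate) into a failure, yet it lacks the "*** POTENTIAL INCOMPATIBILITY ***" paragraph that the other default changes in this section carry (OTP-14771, OTP-18438, OTP-18455). Add the marker there, and consider it for OTP-18572 too, since that item also moves sha224 out of the defaults. The OTP-18453 item says the lowered maximum handshake size "can be configured to a higher value" without naming the option, so a reader who hits the limit has nothing to search for; name the option in the text. Likewise, signature_algs/2, ssl:renegotiate/1, verify_peer and anti_replay appear as bare words while other identifiers in the section use <c>; mark them up consistently. Wording fixes in the added lines: "less that 256 bit ECC" should read "less than" (OTP-14771), <c>byte_size/</c> is missing its arity (OTP-18405), "Refactors the (<c>ssl</c> application" has an unmatched opening parenthesis and its sentence has no final period (OTP-18465), "should not effect" should be "affect" (OTP-18453), and "the user have forgot" should be "the user has forgotten" (OTP-18567).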