author | Ingela Anderton Andin <ingela@erlang.org> | 2022-02-10 16:37:51 +0100 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2022-02-10 16:37:51 +0100 |
commit | 31329c4732fe597aa294001e96784a66639eb984 (patch) | |
tree | 360a1101022ee409173894b79045c0edb4e0b5c4 /lib/ssl/doc/src/ssl.xml | |
parent | 8ea50ee9ad0b2e45c57df7d76d493a72cadeb4e5 (diff) | |
parent | 3414f59718fb8661ee08de913d89b379011147a2 (diff) | |
download | erlang-31329c4732fe597aa294001e96784a66639eb984.tar.gz |
Merge branch 'maint'
Diffstat (limited to 'lib/ssl/doc/src/ssl.xml')
-rw-r--r-- | lib/ssl/doc/src/ssl.xml | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index fca3862f03..3d8cf7b4f8 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -1748,6 +1748,11 @@ fun(srp, Username :: binary(), UserState :: term()) -> the process owning the sslsocket will receive messages of type <seetype marker="#active_msgs"> active_msgs() </seetype> </p> + + <warning><p>Not setting the timeout makes the server more vulnerable to + DoS attacks. + </p></warning> + </desc> </func> @@ -1760,9 +1765,11 @@ fun(srp, Username :: binary(), UserState :: term()) -> or equivalent, socket to an SSL socket, that is, performs the TLS server-side handshake and returns a TLS socket.</p> - <warning><p>The <c>Socket</c> shall be in passive mode ({active, - false}) before calling this function or else the behavior of this function - is undefined. + <warning><p>The ordinary <c>Socket</c> shall be in passive mode ({active, + false}) before calling this function, and before the client tries + to connect with TLS, or else the behavior of this function + is undefined. The best way to ensure this is to create the ordinary listen socket + in passive mode. </p></warning> <p>If <c>Socket</c> is an @@ -1771,6 +1778,10 @@ fun(srp, Username :: binary(), UserState :: term()) -> <seemfa marker="#listen/2">listen/2</seemfa> and then performs the TLS/DTLS handshake. Returns a new TLS/DTLS socket if the handshake is successful.</p> + <warning><p>Not setting the timeout makes the server more vulnerable to + DoS attacks. + </p></warning> + <p> If option <c>{handshake, hello}</c> is specified the handshake is paused after receiving the client hello message and the |
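Review bot: In the first hunk (@@ -1748,6 +1748,11 @@), the new warning says "the timeout" without naming what the caller has to set or giving the reason. Elsewhere in this file arguments are marked up, as in `<c>Socket</c>`, so the timeout argument should be named the same way, followed by one clause on why an unbounded handshake is a DoS risk (a peer that opens the connection and never completes the handshake keeps the calling process waiting). As written, a reader cannot tell which parameter or option the warning is about.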
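Review bot: In the second hunk (@@ -1760,9 +1765,11 @@), the added condition "and before the client tries to connect with TLS" is something the server cannot observe or enforce at call time, so the only actionable part is the last sentence about creating the listen socket in passive mode. Consider leading with that sentence and spelling out the option, for example "create the listen socket with `{active, false}`", marked up with `<c>` like `<c>Socket</c>`. "Ordinary" is also introduced here without definition; the unchanged context above already says "or equivalent, socket", so reusing that wording, or saying "transport socket", would be clearer than a new term.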
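Review bot: In the third hunk (@@ -1771,6 +1778,10 @@), the warning is a verbatim copy of the one added in the first hunk and has the same gap: it does not name the timeout argument. Here it is also inserted between the paragraph on sockets returned by `listen/2` and the paragraph on `{handshake, hello}`, so it is unclear whether it applies only to the listen-socket case or to every use of the function. Moving it next to the existing passive-mode warning in this `<desc>`, or to the end of the description as in the first hunk, would make the scope unambiguous and keep the two functions' documentation consistent.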