<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="../../../../doc/otp_doc.css" type="text/css">
<title>Erlang -- ssl</title>
</head>
<body bgcolor="white" text="#000000" link="#0000ff" vlink="#ff00ff" alink="#ff0000"><div id="container">
<script id="js" type="text/javascript" language="JavaScript" src="../../../../doc/js/flipmenu/flipmenu.js"></script><script id="js2" type="text/javascript" src="../../../../doc/js/erlresolvelinks.js"></script><script language="JavaScript" type="text/javascript">
<!--
function getWinHeight() {
var myHeight = 0;
if( typeof( window.innerHeight ) == 'number' ) {
//Non-IE
myHeight = window.innerHeight;
} else if( document.documentElement && ( document.documentElement.clientWidth ||
document.documentElement.clientHeight ) ) {
//IE 6+ in 'standards compliant mode'
myHeight = document.documentElement.clientHeight;
} else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
//IE 4 compatible
myHeight = document.body.clientHeight;
}
return myHeight;
}
function setscrollpos() {
var objf=document.getElementById('loadscrollpos');
document.getElementById("leftnav").scrollTop = objf.offsetTop - getWinHeight()/2;
}
function addEvent(obj, evType, fn){
if (obj.addEventListener){
obj.addEventListener(evType, fn, true);
return true;
} else if (obj.attachEvent){
var r = obj.attachEvent("on"+evType, fn);
return r;
} else {
return false;
}
}
addEvent(window, 'load', setscrollpos);
//--></script><div id="leftnav"><div class="innertube">
<img alt="Erlang logo" src="../../../../doc/erlang-logo.png"><br><small><a href="users_guide.html">User's Guide</a><br><a href="index.html">Reference Manual</a><br><a href="release_notes.html">Release Notes</a><br><a href="../pdf/ssl-3.10.8.pdf">PDF</a><br><a href="../../../../doc/index.html">Top</a></small><p><strong>Secure Socket Layer </strong><br><strong>Reference Manual</strong><br><small>Version 3.10.8</small></p>
<br><a href="javascript:openAllFlips()">Expand All</a><br><a href="javascript:closeAllFlips()">Contract All</a><p><small><strong>Table of Contents</strong></small></p>
<ul class="flipMenu">
<li title="ssl (App)"><a href="ssl_app.html">ssl (App)
</a></li>
<li id="loadscrollpos" title="ssl " expanded="true">ssl<ul>
<li><a href="ssl.html">
Top of manual page
</a></li>
<li title="ciphers-0"><a href="ssl.html#ciphers-0">ciphers/0</a></li>
<li title="close-1"><a href="ssl.html#close-1">close/1</a></li>
<li title="connect-3"><a href="ssl.html#connect-3">connect/3</a></li>
<li title="connect-4"><a href="ssl.html#connect-4">connect/4</a></li>
<li title="connection_info-1"><a href="ssl.html#connection_info-1">connection_info/1</a></li>
<li title="controlling_process-2"><a href="ssl.html#controlling_process-2">controlling_process/2</a></li>
<li title="format_error-1"><a href="ssl.html#format_error-1">format_error/1</a></li>
<li title="getopts-2"><a href="ssl.html#getopts-2">getopts/2</a></li>
<li title="listen-2"><a href="ssl.html#listen-2">listen/2</a></li>
<li title="peercert-1"><a href="ssl.html#peercert-1">peercert/1</a></li>
<li title="peername-1"><a href="ssl.html#peername-1">peername/1</a></li>
<li title="pid-1"><a href="ssl.html#pid-1">pid/1</a></li>
<li title="recv-2"><a href="ssl.html#recv-2">recv/2</a></li>
<li title="recv-3"><a href="ssl.html#recv-3">recv/3</a></li>
<li title="seed-1"><a href="ssl.html#seed-1">seed/1</a></li>
<li title="send-2"><a href="ssl.html#send-2">send/2</a></li>
<li title="setopts-2"><a href="ssl.html#setopts-2">setopts/2</a></li>
<li title="ssl_accept-1"><a href="ssl.html#ssl_accept-1">ssl_accept/1</a></li>
<li title="ssl_accept-2"><a href="ssl.html#ssl_accept-2">ssl_accept/2</a></li>
<li title="sockname-1"><a href="ssl.html#sockname-1">sockname/1</a></li>
<li title="transport_accept-1"><a href="ssl.html#transport_accept-1">transport_accept/1</a></li>
<li title="transport_accept-2"><a href="ssl.html#transport_accept-2">transport_accept/2</a></li>
<li title="version-0"><a href="ssl.html#version-0">version/0</a></li>
</ul>
</li>
<li id="no" title="new_ssl " expanded="false">new_ssl<ul>
<li><a href="new_ssl.html">
Top of manual page
</a></li>
<li title="cipher_suites-0"><a href="new_ssl.html#cipher_suites-0">cipher_suites/0</a></li>
<li title="cipher_suites-1"><a href="new_ssl.html#cipher_suites-1">cipher_suites/1</a></li>
<li title="connect-2"><a href="new_ssl.html#connect-2">connect/2</a></li>
<li title="connect-3"><a href="new_ssl.html#connect-3">connect/3</a></li>
<li title="connect-3"><a href="new_ssl.html#connect-3">connect/3</a></li>
<li title="connect-4"><a href="new_ssl.html#connect-4">connect/4</a></li>
<li title="close-1"><a href="new_ssl.html#close-1">close/1</a></li>
<li title="controlling_process-2"><a href="new_ssl.html#controlling_process-2">controlling_process/2</a></li>
<li title="connection_info-1"><a href="new_ssl.html#connection_info-1">connection_info/1</a></li>
<li title="getopts-1"><a href="new_ssl.html#getopts-1">getopts/1</a></li>
<li title="getopts-2"><a href="new_ssl.html#getopts-2">getopts/2</a></li>
<li title="listen-2"><a href="new_ssl.html#listen-2">listen/2</a></li>
<li title="peercert-1"><a href="new_ssl.html#peercert-1">peercert/1</a></li>
<li title="peername-1"><a href="new_ssl.html#peername-1">peername/1</a></li>
<li title="recv-2"><a href="new_ssl.html#recv-2">recv/2</a></li>
<li title="recv-3"><a href="new_ssl.html#recv-3">recv/3</a></li>
<li title="send-2"><a href="new_ssl.html#send-2">send/2</a></li>
<li title="setopts-2"><a href="new_ssl.html#setopts-2">setopts/2</a></li>
<li title="shutdown-2"><a href="new_ssl.html#shutdown-2">shutdown/2</a></li>
<li title="ssl_accept-1"><a href="new_ssl.html#ssl_accept-1">ssl_accept/1</a></li>
<li title="ssl_accept-2"><a href="new_ssl.html#ssl_accept-2">ssl_accept/2</a></li>
<li title="ssl_accept-2"><a href="new_ssl.html#ssl_accept-2">ssl_accept/2</a></li>
<li title="ssl_accept-3"><a href="new_ssl.html#ssl_accept-3">ssl_accept/3</a></li>
<li title="sockname-1"><a href="new_ssl.html#sockname-1">sockname/1</a></li>
<li title="start-0"><a href="new_ssl.html#start-0">start/0</a></li>
<li title="start-1"><a href="new_ssl.html#start-1">start/1</a></li>
<li title="stop-0"><a href="new_ssl.html#stop-0">stop/0</a></li>
<li title="transport_accept-1"><a href="new_ssl.html#transport_accept-1">transport_accept/1</a></li>
<li title="transport_accept-2"><a href="new_ssl.html#transport_accept-2">transport_accept/2</a></li>
<li title="versions-0"><a href="new_ssl.html#versions-0">versions/0</a></li>
</ul>
</li>
</ul>
</div></div>
<div id="content">
<div class="innertube">
<!-- refpage --><center><h1>ssl</h1></center>
<h3>APPLICATION</h3>
<div class="REFBODY">ssl</div>
<h3>APPLICATION SUMMARY</h3>
<div class="REFBODY">The SSL Application</div>
<h3>DESCRIPTION</h3>
<div class="REFBODY"><p>
<p>The Secure Socket Layer (SSL) application provides secure
socket communication over TCP/IP.
</p>
</p></div>
<h3><a name="id2251579">Warning</a></h3>
<div class="REFBODY">
<p>In previous versions of Erlang/OTP SSL it was advised, as a
work-around, to set the operating system environment variable
<span class="code">SSL_CERT_FILE</span> to point at a file containing CA
certificates. That variable is no longer needed, and is not
recognised by Erlang/OTP SSL any more.
</p>
<p>However, the OpenSSL package does interpret that environment
variable. Hence a setting of that variable might have
unpredictable effects on the Erlang/OTP SSL application. It is
therefore adviced to not used that environment variable at all.</p>
</div>
<h3><a name="id2253175">Environment</a></h3>
<div class="REFBODY">
<p>The following application environment configuration parameters
are defined for the SSL application. Refer to application(3) for
more information about configuration parameters.
</p>
<p>Note that the environment parameters can be set on the command line,
for instance,</p>
<p><span class="code">erl ... -ssl protocol_version '[sslv2,sslv3]' ...</span>.
</p>
<dl>
<dt><strong><span class="code">ephemeral_rsa = true | false <optional></span></strong></dt>
<dd>
<p>Enables all SSL servers (those that listen and accept)
to use ephemeral RSA key generation when a clients connect with
weak handshake cipher specifications, that need equally weak
ciphers from the server (i.e. obsolete restrictions on export
ciphers). Default is <span class="code">false</span>.
</p>
</dd>
<dt><strong><span class="code">debug = true | false <optional></span></strong></dt>
<dd>
<p>Causes debug information to be written to standard
output. Default is <span class="code">false</span>.
</p>
</dd>
<dt><strong><span class="code">debugdir = path() | false <optional></span></strong></dt>
<dd>
<p>Causes debug information output controlled by <span class="code">debug</span>
and <span class="code">msgdebug</span> to be printed to a file named
<span class="code">ssl_esock.<pid>.log</span> in the directory specified by
<span class="code">debugdir</span>, where <span class="code"><pid></span> is the operating system
specific textual representation of the process identifier
of the external port program of the SSL application. Default
is <span class="code">false</span>, i.e. no log file is produced.
</p>
</dd>
<dt><strong><span class="code">msgdebug = true | false <optional></span></strong></dt>
<dd>
<p>Sets <span class="code">debug = true</span> and causes also the contents
of low level messages to be printed to standard output.
Default is <span class="code">false</span>.
</p>
</dd>
<dt><strong><span class="code">port_program = string() | false <optional></span></strong></dt>
<dd>
<p>Name of port program. The default is <span class="code">ssl_esock</span>.
</p>
</dd>
<dt><strong><span class="code">protocol_version = [sslv2|sslv3|tlsv1] <optional></span>.</strong></dt>
<dd>
<p>Name of protocols to use. If this option is not set,
all protocols are assumed, i.e. the default value is
<span class="code">[sslv2, sslv3, tlsv1]</span>.
</p>
</dd>
<dt><strong><span class="code">proxylsport = integer() | false <optional></span></strong></dt>
<dd>
<p>Define the port number of the listen port of the
SSL port program. Almost never is this option needed.
</p>
</dd>
<dt><strong><span class="code">proxylsbacklog = integer() | false <optional></span></strong></dt>
<dd>
<p>Set the listen queue size of the listen port of the
SSL port program. The default is 128.
</p>
</dd>
</dl>
</div>
<h3><a name="id2257066">OpenSSL libraries</a></h3>
<div class="REFBODY">
<p>The current implementation of the Erlang SSL application is
based on the <strong>OpenSSL</strong> package version 0.9.7 or higher.
There are source and binary releases on the web.
</p>
<p>Source releases of OpenSSL can be downloaded from the <span class="bold_code"><a href="http://www.openssl.org">OpenSSL</a></span> project home page,
or mirror sites listed there.
</p>
<p>The same URL also contains links to some compiled binaries and
libraries of OpenSSL (see the <span class="code">Related/Binaries</span> menu) of
which the <span class="bold_code"><a href="http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL">Shining Light Productions Win32 and OpenSSL</a></span> pages are of
interest for the Win32 user.
</p>
<p>For some Unix flavours there are binary packages available
on the net.
</p>
<p>If you cannot find a suitable binary OpenSSL package, you
have to fetch an OpenSSL source release and compile it.
</p>
<p>You then have to compile and install the libraries
<span class="code">libcrypto.so</span> and <span class="code">libssl.so</span> (Unix), or the
libraries <span class="code">libeay32.dll</span> and <span class="code">ssleay32.dll</span> (Win32).
</p>
<p>For Unix The <span class="code">ssl_esock</span> port program is delivered linked
to OpenSSL libraries in <span class="code">/usr/local/lib</span>, but the default
dynamic linking will also accept libraries in <span class="code">/lib</span> and
<span class="code">/usr/lib</span>.
</p>
<p>If that is not applicable to the particular Unix operating
system used, the example <span class="code">Makefile</span> in the SSL
<span class="code">priv/obj</span> directory, should be used as a guide to
relinking the final version of the port program.
</p>
<p>For <span class="code">Win32</span> it is only required that the libraries can be
found from the <span class="code">PATH</span> environment variable, or that they
reside in the appropriate <span class="code">SYSTEM32</span> directory; hence no
particular relinking is need. Hence no example <span class="code">Makefile</span>
for Win32 is provided.</p>
</div>
<h3><a name="id2262992">Restrictions</a></h3>
<div class="REFBODY">
<p>Users must be aware of export restrictions and patent rights
concerning cryptographic software.
</p>
</div>
<h3><a name="id2263005">SEE ALSO</a></h3>
<div class="REFBODY">
<p>application(3)</p>
</div>
</div>
<div class="footer">
<hr>
<p>Copyright © 1999-2010 Ericsson AB. All Rights Reserved.</p>
</div>
</div>
</div></body>
</html>
distrib
>
Fedora
>
13
>
i386
>
media
>
os
>
by-pkgid
>
f806c0f24240b25bde21a53f71766070
>
files
>
1406
