ssl(6)                    ERLANG APPLICATION DEFINITION                   ssl(6)



NAME
       ssl - The SSL Application

DESCRIPTION
       The Secure Socket Layer (SSL) application provides secure socket
       communication over TCP/IP.


WARNING
       In previous versions of Erlang/OTP SSL it was advised, as a work-around,
       to set the operating system environment variable SSL_CERT_FILE to point
       at a file containing CA certificates. That variable is no longer needed,
       and is not recognised by Erlang/OTP SSL any more.

       However, the OpenSSL package does interpret that environment variable.
       Hence a setting of that variable might have unpredictable effects on the
       Erlang/OTP SSL application. It is therefore advised not to use that
       environment variable at all.

ENVIRONMENT
       The following application environment configuration parameters are
       defined for the SSL application. Refer to application(3erl) for more
       information about configuration parameters.

       Note that the environment parameters can be set on the command line, for
       instance,

       erl ... -ssl protocol_version '[sslv2, sslv3]' ....

         ephemeral_rsa = true | false <optional>:
             Enables all SSL servers (those that listen and accept) to use
             ephemeral RSA key generation when clients connect with weak
             handshake cipher specifications, that need equally weak ciphers
             from the server (i.e. obsolete restrictions on export ciphers).
             Default is false.

         debug = true | false <optional>:
             Causes debug information to be written to standard output. Default
             is false.

         debugdir = path() | false <optional>:
             Causes debug information output controlled by debug and msgdebug to
             be printed to a file named ssl_esock.<pid>.log in the directory
             specified by debugdir, where <pid> is the operating system specific
             textual representation of the process identifier of the external
             port program of the SSL application. Default is false, i.e. no log
             file is produced.

         msgdebug = true | false <optional>:
             Sets debug = true and also causes the contents of low level
             messages to be printed to standard output. Default is false.

         port_program = string() | false <optional>:
             Name of port program. The default is ssl_esock.

         protocol_version = [sslv2|sslv3|tlsv1] <optional>:
             Name of protocols to use. If this option is not set, all protocols
             are assumed, i.e. the default value is [sslv2, sslv3, tlsv1].

         proxylsport = integer() | false <optional>:
             Define the port number of the listen port of the SSL port program.
             This option is almost never needed.

         proxylsbacklog = integer() | false <optional>:
             Set the listen queue size of the listen port of the SSL port
             program. The default is 128.
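
       The parameters above can also be collected in an OTP configuration
       file instead of on the command line. The following sys.config is an
       added example, not part of the original page; the file name and the
       "erl -config sys" start-up convention are standard OTP, and the
       values chosen are an assumption about a deployment that wants the
       strictest settings this page offers.

```erlang
%% sys.config -- added example, load with: erl -config sys ...
%%
%% Defaults documented on this page when nothing is set:
%%   protocol_version = [sslv2, sslv3, tlsv1]   (all three accepted)
%%   ephemeral_rsa    = false
%%   debug, msgdebug, debugdir = false
[
 {ssl, [
   %% Offer only tlsv1, the newest protocol this page lists.
   %% Leaving the option unset keeps sslv2 and sslv3 enabled.
   {protocol_version, [tlsv1]},

   %% Keep the export-cipher compatibility path off. This is already
   %% the default; stating it makes a later override visible in review.
   {ephemeral_rsa, false},

   %% msgdebug prints the contents of low level messages to standard
   %% output and implies debug = true, so both stay off in production.
   {debug, false},
   {msgdebug, false},

   %% No ssl_esock.<pid>.log file is written when debugdir is false.
   {debugdir, false}
 ]}
].
```

       The command-line form of the first setting, in the syntax shown
       earlier in this section, is: erl ... -ssl protocol_version '[tlsv1]'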

OPENSSL LIBRARIES
       The current implementation of the Erlang SSL application is based on the
       OpenSSL package version 0.9.7 or higher. There are source and binary
       releases on the web.

       Source releases of OpenSSL can be downloaded from the OpenSSL
       <http://www.openssl.org> project home page, or mirror sites listed there.

       The same URL also contains links to some compiled binaries and libraries
       of OpenSSL (see the Related/Binaries menu) of which the Shining Light
       Productions Win32 and OpenSSL
       <http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL>
       pages are of interest for the Win32 user.

       For some Unix flavours there are binary packages available on the net.

       If you cannot find a suitable binary OpenSSL package, you have to fetch
       an OpenSSL source release and compile it.

       You then have to compile and install the libraries libcrypto.so and
       libssl.so (Unix), or the libraries libeay32.dll and ssleay32.dll (Win32).

       For Unix, the ssl_esock port program is delivered linked to OpenSSL
       libraries in /usr/local/lib, but the default dynamic linking will also
       accept libraries in /lib and /usr/lib.

       If that is not applicable to the particular Unix operating system used,
       the example Makefile in the SSL priv/obj directory should be used as a
       guide to relinking the final version of the port program.

       For Win32 it is only required that the libraries can be found from the
       PATH environment variable, or that they reside in the appropriate
       SYSTEM32 directory; hence no particular relinking is needed, and no
       example Makefile for Win32 is provided.

RESTRICTIONS
       Users must be aware of export restrictions and patent rights concerning
       cryptographic software.

SEE ALSO
       application(3erl)



Ericsson AB                         ssl  3.9                              ssl(6)