<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- This document was generated using DocBuilder-0.9.8.4 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>ssl</title>
  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
  <script type="text/javascript" src="../../../../doc/erlresolvelinks.js"></script>
  <style type="text/css">
<!--
    body          { font-family: Verdana, Arial, Helvetica, sans-serif }
    span.bold_code        { font-family: courier;font-weight: bold}
    span.code        { font-family: courier;font-weight: normal}

.note, .warning {
  border: solid black 1px;
  margin: 1em 3em;
}

.note .label {
  background: #30d42a;
  color: white;
  font-weight: bold;
  padding: 5px 10px;
}
.note .content {
  background: #eafeea;
  color: black;
  line-height: 120%;
  font-size: 90%;
  padding: 5px 10px;
}
.warning .label {
  background: #C00;
  color: white;
  font-weight: bold;
  padding: 5px 10px;
}
.warning .content {
  background: #FFF0F0;
  color: black;
  line-height: 120%;
  font-size: 90%;
  padding: 5px 10px;
}

    .example     { background-color:#eeeeff } 
    pre          { font-family: courier; font-weight: normal }
    .REFBODY     { margin-left: 13mm }
    .REFTYPES    { margin-left: 8mm }
-->
  </style>
</head>
<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#FF00FF" alink="#FF0000">
<!-- refpage -->
<center>
<a href="http://www.ericsson.com/technology/opensource/erlang"><img border="0" alt="[Ericsson AB]" src="min_head.gif"/></a>
</center><center>
<h1>ssl</h1>
</center>
<h3>APPLICATION</h3>
<div class="REFBODY">
ssl
</div>

<h3>APPLICATION SUMMARY</h3>
<div class="REFBODY">
The SSL Application
</div>

<h3>DESCRIPTION</h3>
<div class="REFBODY">

<p>The Secure Socket Layer (SSL) application provides secure
socket communication over TCP/IP.

</p>
</div>

<h3>Warning</h3>
<div class="REFBODY">

<p>In previous versions of Erlang/OTP SSL it was advised, as a
work-around, to set the operating system environment variable
<span class="code">SSL_CERT_FILE</span> to point at a file containing CA
certificates. That variable is no longer needed, and is not
recognised by Erlang/OTP SSL any more.

</p>
<p>However, the OpenSSL package does interpret that environment
variable. Hence a setting of that variable might have
unpredictable effects on the Erlang/OTP SSL application. It is
therefore adviced to not used that environment variable at all.
</p>
</div>

<h3>Environment</h3>
<div class="REFBODY">

<p>The following application environment configuration parameters
are defined for the SSL application. Refer to application(3) for
more information about configuration parameters.

</p>
<p>Note that the environment parameters can be set on the command line,
for instance,
</p>
<p><span class="code">erl ... -ssl protocol_version '[sslv2,sslv3]' ...</span>.

</p>
<dl>

<dt>
<span class="code">ephemeral_rsa = true | false &#60;optional&#62;</span>
</dt>

<dd>

Enables all SSL servers (those that listen and accept)
to use ephemeral RSA key generation when a clients connect with
weak handshake cipher specifications, that need equally weak
ciphers from the server (i.e. obsolete restrictions on export
ciphers). Default is <span class="code">false</span>.
<br />


</dd>

<dt>
<span class="code">debug = true | false &#60;optional&#62;</span>
</dt>

<dd>

Causes debug information to be written to standard
output. Default is <span class="code">false</span>.
<br />


</dd>

<dt>
<span class="code">debugdir = path() | false &#60;optional&#62;</span>
</dt>

<dd>

Causes debug information output controlled by <span class="code">debug</span>
and <span class="code">msgdebug</span> to be printed to a file named 
<span class="code">ssl_esock.&#60;pid&#62;.log</span> in the directory specified by
<span class="code">debugdir</span>, where <span class="code">&#60;pid&#62;</span> is the operating system
specific textual representation of the process indentifier 
of the external port program of the SSL application. Default
is <span class="code">false</span>, i.e. no log file is produced.
<br />


</dd>

<dt>
<span class="code">msgdebug = true | false &#60;optional&#62;</span>
</dt>

<dd>

Sets <span class="code">debug = true</span> and causes also the contents
of low level messages to be printed to standard output.
Default is <span class="code">false</span>.
<br />


</dd>

<dt>
<span class="code">port_program = string() | false &#60;optional&#62;</span>
</dt>

<dd>

Name of port program. The default is <span class="code">ssl_esock</span>.
<br />


</dd>

<dt>
<span class="code">protocol_version = [sslv2|sslv3|tlsv1] &#60;optional&#62;</span>.
</dt>

<dd>

Name of protocols to use. If this option is not set, 
all protocols are assumed, i.e. the default value is
<span class="code">[sslv2, sslv3, tlsv1]</span>.
<br />


</dd>

<dt>
<span class="code">proxylsport = integer() | false &#60;optional&#62;</span>
</dt>

<dd>

Define the port number of the listen port of the 
SSL port program. Almost never is this option needed.
<br />


</dd>

<dt>
<span class="code">proxylsbacklog = integer() | false &#60;optional&#62;</span>
</dt>

<dd>

Set the listen queue size of the listen port of the
SSL port program. The default is 128.
<br />


</dd>

</dl>

</div>

<h3>OpenSSL libraries</h3>
<div class="REFBODY">

<p>The current implementation of the Erlang SSL application is
based on the <strong>OpenSSL</strong> package version 0.9.7 or higher.
There are source and binary releases on the web.

</p>
<p>Source releases of OpenSSL can be downloaded from the <a target="_top" href="http://www.openssl.org">OpenSSL</a> project home page,
or mirror sites listed there.

</p>
<p>The same URL also contains links to some compiled binaries and
libraries of OpenSSL (see the <span class="code">Related/Binaries</span> menu) of
which the <a target="_top" href="http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL">Shining Light Productions Win32 and OpenSSL</a> pages are of
interest for the Win32 user.

</p>
<p>For some Unix flavours there are binary packages available
on the net. 

</p>
<p>If you cannot find a suitable binary OpenSSL package, you 
have to fetch an OpenSSL source release and compile it. 

</p>
<p>You then have to compile and install the libraries
<span class="code">libcrypto.so</span> and <span class="code">libssl.so</span> (Unix), or the
libraries <span class="code">libeay32.dll</span> and <span class="code">ssleay32.dll</span> (Win32).

</p>
<p>For Unix The <span class="code">ssl_esock</span> port program is delivered linked
to OpenSSL libraries in <span class="code">/usr/local/lib</span>, but the default
dynamic linking will also accept libraries in <span class="code">/lib</span> and
<span class="code">/usr/lib</span>.

</p>
<p>If that is not applicable to the particular Unix operating
system used, the example <span class="code">Makefile</span> in the SSL
<span class="code">priv/obj</span> directory, should be used as a guide to
relinking the final version of the port program.

</p>
<p>For <span class="code">Win32</span> it is only required that the libraries can be
found from the <span class="code">PATH</span> environment variable, or that they
reside in the appropriate <span class="code">SYSTEM32</span> directory; hence no
particular relinking is need. Hence no example <span class="code">Makefile</span>
for Win32 is provided.
</p>
</div>

<h3>Restrictions</h3>
<div class="REFBODY">

<p>Users must be aware of export restrictions and patent rights
concerning cryptographic software.

</p>
</div>

<h3>SEE ALSO</h3>
<div class="REFBODY">

<p>application(3)
</p>
</div>
<center>
<hr/>
<small>ssl 3.9<br/>
  Copyright &copy; 1991-2008
  <a href="http://www.ericsson.com/technology/opensource/erlang">Ericsson AB</a><br/>
</small>
</center></body>
</html>