

       ssl - The SSL Application


       The  Secure  Socket  Layer  (SSL)  application  provides  secure socket
       communication over TCP/IP.


       In previous versions of Erlang/OTP SSL it was advised, as a workaround,
       to set the operating system environment variable SSL_CERT_FILE to point
       at a file containing CA certificates. That variable is no longer
       needed, and is not recognised by Erlang/OTP SSL any more.

       However, the OpenSSL package does interpret that environment variable.
       Hence a setting of that variable might have unpredictable effects on
       the Erlang/OTP SSL application. It is therefore advised not to use
       that environment variable at all.


       The following  application  environment  configuration  parameters  are
       defined  for  the  SSL application. Refer to application(3erl) for more
       information about configuration parameters.

       Note that the environment parameters can be set on  the  command  line,
       for instance,

       erl ... -ssl protocol_version [sslv2,sslv3] ....

          ephemeral_rsa = true | false <optional>
             Enables all SSL servers (those that listen and accept) to use
             ephemeral RSA key generation when a client connects with weak
             handshake cipher specifications that need equally weak ciphers
             from the server (i.e. obsolete restrictions on export ciphers).
             Default is false.

          debug = true | false <optional>
             Causes  debug  information  to  be  written  to  standard output.
             Default is false.

          debugdir = path() | false <optional>
             Causes debug information output controlled by debug and  msgdebug
             to  be  printed  to  a  file  named  ssl_esock.<pid>.log  in  the
             directory specified by debugdir, where  <pid>  is  the  operating
             system  specific textual representation of the process identifier
             of the external port program of the SSL application.  Default  is
             false, i.e. no log file is produced.

          msgdebug = true | false <optional>
             Sets debug = true and also causes the contents of low level
             messages to be printed to standard output. Default is false.

          port_program = string() | false <optional>
             Name of port program. The default is ssl_esock.

          protocol_version = [sslv2|sslv3|tlsv1] <optional>
             Names of protocols to use. If this option is not set, all
             protocols  are  assumed, i.e. the default value is [sslv2, sslv3,

          proxylsport = integer() | false <optional>
             Define the port number of the listen port of the SSL port
             program. This option is almost never needed.

          proxylsbacklog = integer() | false <optional>
             Set  the  listen  queue  size  of the listen port of the SSL port
             program. The default is 128.
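
       The parameters above, together with the SSL_CERT_FILE advice, can be
       checked before a node is started. The shell function below is an added
       example, not part of the Erlang/OTP documentation; the names
       audit_ssl_args and note are hypothetical, and it assumes parameters are
       passed as -ssl Key Value on the erl command line as shown above.

```shell
#!/bin/sh
# Added example, not part of the ssl documentation: pre-flight check of the
# environment and the `erl ... -ssl Key Value` arguments described above.
# audit_ssl_args and note are hypothetical helper names.
# Prints one finding per line; exit status 0 = no findings, 1 = findings.
audit_ssl_args() {
    findings=0 proto_seen=no
    note() { printf '%s\n' "$1"; findings=$((findings + 1)); }
    # OpenSSL still interprets SSL_CERT_FILE, so it should not be set at all.
    if [ -n "${SSL_CERT_FILE+set}" ]; then
        note "env: SSL_CERT_FILE is set; unset it before starting the node"
    fi
    while [ $# -gt 0 ]; do
        # Only "-ssl Key Value" triples are inspected; other flags are skipped.
        if [ "$1" != "-ssl" ] || [ $# -lt 3 ]; then
            shift; continue
        fi
        key=$2 val=$3; shift 3
        case "$key" in
            protocol_version)
                proto_seen=yes
                case "$val" in
                    *sslv2*|*sslv3*) note "protocol_version: $val allows SSLv2/SSLv3" ;;
                esac ;;
            ephemeral_rsa)
                [ "$val" != true ] || note "ephemeral_rsa: weak export-cipher handshakes served" ;;
            debug|msgdebug)
                [ "$val" != true ] || note "$key: debug output goes to standard output" ;;
            debugdir)
                [ "$val" = false ] || note "debugdir: ssl_esock.<pid>.log written under $val" ;;
        esac
    done
    # Per the page, an unset protocol_version means all protocols are assumed.
    [ "$proto_seen" = yes ] || note "protocol_version: not set, all protocols assumed"
    [ "$findings" -eq 0 ]
}

# Constructed sample invocation mirroring the command line shown above.
audit_ssl_args -ssl protocol_version '[sslv2,sslv3]' -ssl msgdebug true || true
```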


       The current implementation of the Erlang SSL application  is  based  on
       the  OpenSSL  package  version  0.9.7  or  higher. There are source and
       binary releases on the web.

       Source releases of OpenSSL can be downloaded from the  OpenSSL  project
       home page, or mirror sites listed there.

       The  same  URL  also  contains  links  to  some  compiled  binaries and
       libraries of OpenSSL (see  the  Related/Binaries  menu)  of  which  the
       Shining  Light  Productions Win32 and OpenSSL pages are of interest for
       the Win32 user.

       For some Unix flavours there are binary packages available on the  net.

       If you cannot find a suitable binary OpenSSL package, you have to fetch
       an OpenSSL source release and compile it.

       You then have to compile and install  the  libraries  and  (Unix),  or  the  libraries  libeay32.dll  and  ssleay32.dll

       For Unix, the ssl_esock port program is delivered linked to OpenSSL
       libraries in /usr/local/lib, but the default dynamic linking will also
       accept libraries in /lib and /usr/lib.

       If that is not applicable to the particular Unix operating system used,
       the example Makefile in the SSL priv/obj directory should be used as a
       guide to relinking the final version of the port program.

       For Win32 it is only required that the libraries can be found from the
       PATH environment variable, or that they reside in the appropriate
       SYSTEM32 directory; hence no particular relinking is needed, and no
       example Makefile for Win32 is provided.


       Users must be aware of export restrictions and patent rights concerning
       cryptographic software.