27 SSL SOCKETS Release Notes
These release notes are for the SSL sockets application.
27.1 sockets 1.0
27.1.1 The SSLeay package
SSL sockets needs the SSLeay version 0.6.6 package installed in shared library form. You can get the package from ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL or you can find other mirrored locations at http://www.psy.uq.oz.au/~ftp/Crypto/.
Build and install the package according to the installation guide of the package. Then run
shlib/solaris.sh
under a shell (as in/bin/sh shlib/solaris.sh
). This will produce the shared librarieslibcrypto.so
andlibssl.so
. Copy those shared libraries to the installation directory. Then add the SSLeay installation directory to theLD_LIBRARY_PATH
environment variable.The SSLeay package implements several well known cryptographic algorithms. Some of these are covered by software patents in some countries. The package can be configured to exclude algorithms at installation. Below follows a summary on software patents and restrictions for algorithms in SSLeay, see the SSLeay documentation for details:
The use of the RSA algorithm must be licensed in the USA due to US software patents. This includes any products sold to the USA that use the SSLeay RSA package. Export from the USA is restricted for software containing cryptographic algorithms.
The IDEA algorithm is covered by software patents in Europe.
General use of cryptography is prohibited in France.
27.1.2 Known bugs and problems
- When using the SSL socket module, both client and server must be SSL enabled. An SSL server will hang if a non-SSL client tries to connect to it. If a SSL-client tries to connect to a non-SSL server, the connection will fail.
- At this stage it is not possible to establish a connection between a server and a client residing on the same Erlang node due to the blocking of SSL_connect().
Id: OTP-1482
- It seems that sometimes ssl_sock doesn't die. The cause of it has not yet been found.
Id: OTP-1937