- ext
- ssl
- ssl.pl -- Secure Socket Layer (SSL) library
- ssl_context/3
- ssl_upgrade_legacy_options/2
- ssl_add_certificate_key/4
- ssl_set_options/3
- ssl_property/2
- ssl_negotiate/5
- ssl_peer_certificate/2
- ssl_peer_certificate_chain/2
- ssl_session/2
- load_certificate/2
- write_certificate/3
- load_crl/2
- system_root_certificates/1
- load_private_key/3
- load_public_key/2
- cert_accept_any/5
- same_certificate/2
- verify_certificate_issuer/2
- verify_certificate/3
- certificate_field/2
- ssl_secure_ciphers/1
- crypto.pl -- Cryptography and authentication library
- xmldsig.pl -- XML Digital signature
- xmlenc.pl -- XML encryption library
- ssl.pl -- Secure Socket Layer (SSL) library
- ssl
- ssl_secure_ciphers(-Ciphers:atom) is det
- Ciphers is a secure cipher preference list that can be used in the
cipher_list/1 option of ssl_context/3.
Secure ciphers must guarantee forward secrecy, and must mitigate all known critical attacks. As of 2018, using these ciphers allows you to obtain grade A on https://www.ssllabs.com. For A+, you must also enable HTTP Strict Transport Security (HSTS) by sending a suitable header field in replies.
Note that obsolete ciphers must be disabled to reliably prevent protocol downgrade attacks.
The Ciphers list is read from the setting
ssl:secure_ciphers
and can be controlled using set_setting/2 and other predicates from library(settings).BEWARE: This list must be changed when attacks on these ciphers become known! Keep an eye on this setting and adapt it as necessary in the future.