---------------------------------------------------------------------
--- HIGHLIGHTS ------------------------------------------------------
---------------------------------------------------------------------
OTP-17455 Application(s): erts, kernel
Related Id(s): GH-4852
Add support for using socket:sockaddr_in() and
socket:sockaddr_in6() when using gen_sctp, gen_tcp and
gen_udp. This will make it possible to use Link Local
IPv6 addresses.
OTP-17812 Application(s): crypto
Related Id(s): OTP-16282, OTP-16646
The crypto app in OTP can since OTP-24.2 be compiled,
linked and used with the new OpenSSL 3.0 cryptolib.
The crypto app has 3.0 support has been improved, but
is still *not recommended* for other usages than
experiments and alpha testing. There are not yet any
guaranties that it works, not even together with other
OTP applications like for example SSL and SSH, although
there are no known errors.
Since the previous release, OTP-24.2, the following
improvements have been done:
- It has been tested during nearly every nightly test
on the OTP lab
- The hash algorithms md4 and ripemd160 have been
enabled with OpenSSL 3.0.
- The ciphers blowfish_cbc, blowfish_ecb, des_cbc,
des_cfb, des_ecb, rc2_cbc and rc4 have been enabled
with OpenSSL 3.0.
Disabled or unsupported with OpenSSL 3.0 are still:
- ENGINE support
- FIPS mode
- Other providers than the built-in ones
- Compiling and linking with OpenSSL 3.0 cryptolib in
compatibility modes (for example to behave as 1.1.1)
and, the ciphers blowfish_cfb64 and blowfish_ofb64 are
not supported and will not be either.
Deprecated functions in the OpenSSL 3.0 cryptolib must
not be disabled as OTP/crypto still uses some of the
deprecated API functions. The gcc flag
-Wno-deprecated-declarations is set to prevent
deprecation warnings to be printed when compiling.
OTP-17843 Application(s): erts, kernel
Related Id(s): ERIERL-732, PR-5611
By default global does not take any actions to restore
a fully connected network when connections are lost due
to network issues. This is problematic for all
applications expecting a fully connected network to be
provided, such as for example mnesia, but also for
global itself. A network of overlapping partitions
might cause the internal state of global to become
inconsistent. Such an inconsistency can remain even
after such partitions have been brought together to
form a fully connected network again. The effect on
other applications that expects that a fully connected
network is maintained may vary, but they might
misbehave in very subtle hard to detect ways during
such a partitioning.
In order to prevent such issues, we have introduced a
prevent overlapping partitions fix which can be enabled
using the prevent_overlapping_partitions kernel(6)
parameter. When this fix has been enabled, global will
actively disconnect from nodes that reports that they
have lost connections to other nodes. This will cause
fully connected partitions to form instead of leaving
the network in a state with overlapping partitions.
Note that this fix has to be enabled on all nodes in
the network in order to work properly. Since this quite
substantially changes the behavior, this fix is
currently disabled by default. Since you might get hard
to detect issues without this fix you are, however,
strongly advised to enable this fix in order to avoid
issues such as the ones described above. As of OTP 25
this fix will become enabled by default.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-17928 Application(s): ssh
Related Id(s): PR-5679
Improper tag for private ED keys when encoding with
ssh:encode/2.
The tuple had ed_priv as first element, but should have
had ed_pri. This is now corrected.