diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2018-11-15 15:51:55 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2018-11-19 11:21:13 -0800 |
commit | 43273262e5f07a80cecf2cef6ac89ca1719821fb (patch) | |
tree | ec3aed1a1f82e16cfd459a5f87539f2f6ccc4cce /doc/api/tls.md | |
parent | 54b4beb506dc9b830f21442c68a0be8be58a2ef8 (diff) | |
download | android-node-v8-43273262e5f07a80cecf2cef6ac89ca1719821fb.tar.gz android-node-v8-43273262e5f07a80cecf2cef6ac89ca1719821fb.tar.bz2 android-node-v8-43273262e5f07a80cecf2cef6ac89ca1719821fb.zip |
doc: describe secureProtocol and CLI interaction
Cross-reference the secureProtocol docs and the CLI docs for --tls-v1.0
and --tls-v1.1 and describe relationship. Make clear that --tls-v1.0
enables TLSv1.0 and TLSv1.1.
PR-URL: https://github.com/nodejs/node/pull/24386
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Diffstat (limited to 'doc/api/tls.md')
-rw-r--r-- | doc/api/tls.md | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md index 82dfbe2019..5655f21bd6 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1118,10 +1118,15 @@ changes: which is not usually necessary. This should be used carefully if at all! Value is a numeric bitmask of the `SSL_OP_*` options from [OpenSSL Options][]. - * `secureProtocol` {string} SSL method to use. The possible values are listed - as [SSL_METHODS][], use the function names as strings. For example, - `'TLSv1_2_method'` to force TLS version 1.2. - **Default:** `'TLSv1_2_method'`. + * `secureProtocol` {string} The TLS protocol version to use. The possible + values are listed as [SSL_METHODS][], use the function names as strings. For + example, use `'TLSv1_1_method'` to force TLS version 1.1, or `'TLS_method'` + to allow any TLS protocol version. It is not recommended to use TLS versions + less than 1.2, but it may be required for interoperability. **Default:** + `'TLSv1_2_method'`, unless changed using CLI options. Using the `--tlsv1.0` + CLI option is like `'TLS_method'` except protocols earlier than TLSv1.0 are + not allowed, and using the `--tlsv1.1` CLI option is like `'TLS_method'` + except that protocols earlier than TLSv1.1 are not allowed. * `sessionIdContext` {string} Opaque identifier used by servers to ensure session state is not shared between applications. Unused by clients. |