author | James M Snell <jasnell@gmail.com> | 2018-02-05 21:55:16 -0800 |
---|---|---|
committer | Anatoli Papirovski <apapirovski@mac.com> | 2018-02-08 11:57:14 -0500 |
commit | d3569b623ccd593c9ef62fcaf0aba2711dc7fbfa (patch) | |
tree | 643d44f1eb33c9b822fea7742d2691355d295a4c /doc/api/tls.md | |
parent | 809af1fe8a0a096be4f0a3020f8e60ee1c827cbc (diff) | |
doc: remove **Note:** tags
Remove the various **Note:** prefixes throughout the docs.
PR-URL: https://github.com/nodejs/node/pull/18592
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Diffstat (limited to 'doc/api/tls.md')
-rw-r--r-- | doc/api/tls.md | 84 |
1 files changed, 40 insertions, 44 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md index ea577c2583..161ec5d963 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -117,7 +117,7 @@ handshake extensions: * SNI - Allows the use of one TLS server for multiple hostnames with different SSL certificates. -*Note*: Use of ALPN is recommended over NPN. The NPN extension has never been +Use of ALPN is recommended over NPN. The NPN extension has never been formally defined or documented and generally not recommended for use. ### Client-initiated renegotiation attack mitigation @@ -138,7 +138,7 @@ threshold is exceeded. The limits are configurable: * `tls.CLIENT_RENEG_WINDOW` {number} Specifies the time renegotiation window in seconds. Defaults to `600` (10 minutes). -*Note*: The default renegotiation limits should not be modified without a full +The default renegotiation limits should not be modified without a full understanding of the implications and risks. To test the renegotiation limits on a server, connect to it using the OpenSSL @@ -189,7 +189,7 @@ in [`tls.createServer()`], [`tls.connect()`], and when creating new Consult [OpenSSL cipher list format documentation][] for details on the format. -*Note*: The default cipher suite included within Node.js has been carefully +The default cipher suite included within Node.js has been carefully selected to reflect current security best practices and risk mitigation. Changing the default cipher suite can have a significant impact on the security of an application. The `--tls-cipher-list` switch and `ciphers` option should by 
@@ -230,8 +230,8 @@ three arguments when called: * `callback` {Function} A callback function taking no arguments that must be invoked in order for data to be sent or received over the secure connection. -*Note*: Listening for this event will have an effect only on connections -established after the addition of the event listener. +Listening for this event will have an effect only on connections established +after the addition of the event listener. ### Event: 'OCSPRequest' <!-- YAML @@ -271,14 +271,14 @@ The typical flow of an OCSP Request is as follows: 5. Client validates the response and either destroys the socket or performs a handshake. -*Note*: The `issuer` can be `null` if the certificate is either self-signed or -the issuer is not in the root certificates list. (An issuer may be provided +The `issuer` can be `null` if the certificate is either self-signed or the +issuer is not in the root certificates list. (An issuer may be provided via the `ca` option when establishing the TLS connection.) -*Note*: Listening for this event will have an effect only on connections -established after the addition of the event listener. +Listening for this event will have an effect only on connections established +after the addition of the event listener. -*Note*: An npm module like [asn1.js] may be used to parse the certificates. +An npm module like [asn1.js] may be used to parse the certificates. ### Event: 'resumeSession' <!-- YAML @@ -299,8 +299,8 @@ the session cannot be resumed (i.e., doesn't exist in storage) the callback may be invoked as `callback(null, null)`. Calling `callback(err)` will terminate the incoming connection and destroy the socket. -*Note*: Listening for this event will have an effect only on connections -established after the addition of the event listener. +Listening for this event will have an effect only on connections established +after the addition of the event listener. The following illustrates resuming a TLS session: 
@@ -423,13 +423,12 @@ added: v3.0.0 Updates the keys for encryption/decryption of the [TLS Session Tickets][]. -*Note*: The key's `Buffer` should be 48 bytes long. See `ticketKeys` option in +The key's `Buffer` should be 48 bytes long. See `ticketKeys` option in [tls.createServer](#tls_tls_createserver_options_secureconnectionlistener) for more information on how it is used. -*Note*: Changes to the ticket keys are effective only for future server -connections. Existing or currently pending server connections will use the -previous keys. +Changes to the ticket keys are effective only for future server connections. +Existing or currently pending server connections will use the previous keys. ## Class: tls.TLSSocket @@ -442,7 +441,7 @@ encryption of written data and all required TLS negotiation. Instances of `tls.TLSSocket` implement the duplex [Stream][] interface. -*Note*: Methods that return TLS connection metadata (e.g. +Methods that return TLS connection metadata (e.g. [`tls.TLSSocket.getPeerCertificate()`][] will only return data while the connection is open. @@ -664,8 +663,8 @@ added: v0.11.4 Returns the TLS session ticket or `undefined` if no session was negotiated. -*Note*: This only works with client TLS sockets. Useful only for debugging, -for session reuse provide `session` option to [`tls.connect()`][]. +This only works with client TLS sockets. Useful only for debugging, for session +reuse provide `session` option to [`tls.connect()`][]. ### tlsSocket.localAddress <!-- YAML 
@@ -721,11 +720,11 @@ The `tlsSocket.renegotiate()` method initiates a TLS renegotiation process. Upon completion, the `callback` function will be passed a single argument that is either an `Error` (if the request failed) or `null`. -*Note*: This method can be used to request a peer's certificate after the -secure connection has been established. +This method can be used to request a peer's certificate after the secure +connection has been established. -*Note*: When running as the server, the socket will be destroyed with an error -after `handshakeTimeout` timeout. +When running as the server, the socket will be destroyed with an error after +`handshakeTimeout` timeout. ### tlsSocket.setMaxSendFragment(size) <!-- YAML @@ -759,15 +758,16 @@ Verifies the certificate `cert` is issued to host `host`. Returns {Error} object, populating it with the reason, host, and cert on failure. On success, returns {undefined}. -*Note*: This function can be overwritten by providing alternative function -as part of the `options.checkServerIdentity` option passed to `tls.connect()`. -The overwriting function can call `tls.checkServerIdentity()` of course, to augment +This function can be overwritten by providing alternative function as part of +the `options.checkServerIdentity` option passed to `tls.connect()`. The +overwriting function can call `tls.checkServerIdentity()` of course, to augment the checks done with additional verification. -*Note*: This function is only called if the certificate passed all other checks, such as +This function is only called if the certificate passed all other checks, such as being issued by trusted CA (`options.ca`). -The cert object contains the parsed certificate and will have a structure similar to: +The cert object contains the parsed certificate and will have a structure +similar to: ```text { subject: 
@@ -937,8 +937,7 @@ added: v0.11.3 Same as [`tls.connect()`][] except that `path` can be provided as an argument instead of an option. -*Note*: A path option, if specified, will take precedence over the path -argument. +A path option, if specified, will take precedence over the path argument. ## tls.connect(port[, host][, options][, callback]) <!-- YAML @@ -953,8 +952,8 @@ added: v0.11.3 Same as [`tls.connect()`][] except that `port` and `host` can be provided as arguments instead of options. -*Note*: A port or host option, if specified, will take precedence over any -port or host argument. +A port or host option, if specified, will take precedence over any port or host +argument. ## tls.createSecureContext(options) @@ -1052,15 +1051,12 @@ changes: * `sessionIdContext` {string} Optional opaque identifier used by servers to ensure session state is not shared between applications. Unused by clients. -*Note*: - -* [`tls.createServer()`][] sets the default value of the - `honorCipherOrder` option to `true`, other APIs that create secure contexts - leave it unset. +[`tls.createServer()`][] sets the default value of the `honorCipherOrder` option +to `true`, other APIs that create secure contexts leave it unset. -* [`tls.createServer()`][] uses a 128 bit truncated SHA1 hash value - generated from `process.argv` as the default value of the `sessionIdContext` - option, other APIs that create secure contexts have no default value. +[`tls.createServer()`][] uses a 128 bit truncated SHA1 hash value generated +from `process.argv` as the default value of the `sessionIdContext` option, other +APIs that create secure contexts have no default value. The `tls.createSecureContext()` method creates a credentials object. 
@@ -1137,8 +1133,8 @@ changes: Creates a new [tls.Server][]. The `secureConnectionListener`, if provided, is automatically set as a listener for the [`'secureConnection'`][] event. -*Note*: The `ticketKeys` options is automatically shared between `cluster` -module workers. +The `ticketKeys` options is automatically shared between `cluster` module +workers. The following illustrates a simple echo server: @@ -1314,9 +1310,9 @@ stream. `tls.createSecurePair()` returns a `tls.SecurePair` object with `cleartext` and `encrypted` stream properties. -*Note*: `cleartext` has the same API as [`tls.TLSSocket`][]. +Using `cleartext` has the same API as [`tls.TLSSocket`][]. -*Note*: The `tls.createSecurePair()` method is now deprecated in favor of +The `tls.createSecurePair()` method is now deprecated in favor of `tls.TLSSocket()`. For example, the code: ```js |
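Review bot: In the hunk at `@@ -117,7 +117,7 @@`, the sentence that continues after "Use of ALPN is recommended over NPN." is missing a verb: "has never been formally defined or documented and generally not recommended for use". Since the line is being rewritten anyway, change the tail to "and is generally not recommended for use" so the guidance against NPN reads as a complete statement.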
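Review bot: In the hunk at `@@ -442,7 +441,7 @@`, the parenthesis opened in "Methods that return TLS connection metadata (e.g." is never closed; the next line goes straight from the `getPeerCertificate()` link to "will only return data while the connection is open". Add the closing `)` after the link reference while this sentence is being edited.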
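Review bot: In the hunk at `@@ -759,15 +758,16 @@`, the rewrapped `checkServerIdentity` text still drops its articles: "by providing alternative function" and "being issued by trusted CA" should read "an alternative function" and "a trusted CA". This paragraph tells readers when their override is called relative to the CA check, so it is worth getting the wording exact. The rewrap of "The cert object contains the parsed certificate..." at the end of the hunk is unrelated to removing the prefixes and could be left out of this change.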
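Review bot: In the hunk at `@@ -1052,15 +1051,12 @@`, folding the two bullets into paragraphs leaves a comma splice in each: "option to `true`, other APIs that create secure contexts leave it unset" and "option, other APIs that create secure contexts have no default value". Use a semicolon or split each into two sentences, so the difference in `honorCipherOrder` and `sessionIdContext` defaults between `tls.createServer()` and the other APIs is easy to pick out.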
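Review bot: In the hunk at `@@ -1137,8 +1133,8 @@`, the added line reads "The `ticketKeys` options is automatically shared"; the subject is singular, so this should be "The `ticketKeys` option is automatically shared between `cluster` module workers."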
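Review bot: In the hunk at `@@ -1314,9 +1310,9 @@`, the replacement "Using `cleartext` has the same API as [`tls.TLSSocket`][]." does not parse; the removed line said that `cleartext` itself has that API. If the aim is to avoid opening the sentence with inline code, something like "The `cleartext` stream has the same API as [`tls.TLSSocket`][]." keeps the original meaning.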