diff options
| author | Ben Noordhuis <info@bnoordhuis.nl> | 2018-10-22 11:40:28 +0200 |
|---|---|---|
| committer | Anna Henningsen <anna@addaleax.net> | 2018-11-13 16:05:51 +0100 |
| commit | 60eca6a5d4fb5d70c4affceb1fbe78f1c1db8354 (patch) | |
| tree | 9578cd5afb40f0d6babadf472f6ecce96e869500 /doc | |
| parent | fcd7a7242890b30c3c143255234bdfe1855999b6 (diff) | |
| download | android-node-v8-60eca6a5d4fb5d70c4affceb1fbe78f1c1db8354.tar.gz android-node-v8-60eca6a5d4fb5d70c4affceb1fbe78f1c1db8354.tar.bz2 android-node-v8-60eca6a5d4fb5d70c4affceb1fbe78f1c1db8354.zip | |
tls: disable TLS v1.0 and v1.1 by default
Refs: https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
PR-URL: https://github.com/nodejs/node/pull/23814
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/api/cli.md | 16 | ||||
| -rw-r--r-- | doc/api/tls.md | 3 | ||||
| -rw-r--r-- | doc/node.1 | 8 |
3 files changed, 26 insertions, 1 deletions
diff --git a/doc/api/cli.md b/doc/api/cli.md index 29f3360dda..723e849d4e 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -342,6 +342,22 @@ added: v4.0.0 Specify an alternative default TLS cipher list. Requires Node.js to be built with crypto support (default). +### `--tls-v1.0` +<!-- YAML +added: REPLACEME +--> + +Enable TLSv1.0. This should only be used for compatibility with old TLS +clients or servers. + +### `--tls-v1.1` +<!-- YAML +added: REPLACEME +--> + +Enable TLSv1.1. This should only be used for compatibility with old TLS +clients or servers. + ### `--trace-deprecation` <!-- YAML added: v0.8.0 diff --git a/doc/api/tls.md b/doc/api/tls.md index 7440dfa762..8380353934 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1102,7 +1102,8 @@ changes: [OpenSSL Options][]. * `secureProtocol` {string} SSL method to use. The possible values are listed as [SSL_METHODS][], use the function names as strings. For example, - `'TLSv1_2_method'` to force TLS version 1.2. **Default:** `'TLS_method'`. + `'TLSv1_2_method'` to force TLS version 1.2. + **Default:** `'TLSv1_2_method'`. * `sessionIdContext` {string} Opaque identifier used by servers to ensure session state is not shared between applications. Unused by clients. diff --git a/doc/node.1 b/doc/node.1 index b8144f4ebb..52e307a6d6 100644 --- a/doc/node.1 +++ b/doc/node.1 @@ -183,6 +183,14 @@ Specify process.title on startup. Specify an alternative default TLS cipher list. Requires Node.js to be built with crypto support. (Default) . +.It Fl -tls-v1.0 +Enable TLSv1.0. This should only be used for compatibility with old TLS +clients or servers. +. +.It Fl -tls-v1.1 +Enable TLSv1.1. This should only be used for compatibility with old TLS +clients or servers. +. .It Fl -trace-deprecation Print stack traces for deprecations. . |