diff options
| author | Hativ <Hativ@users.noreply.github.com> | 2017-11-07 00:08:22 +0100 |
|---|---|---|
| committer | Tobias Nießen <tniessen@tnie.de> | 2017-11-29 00:43:05 +0100 |
| commit | af78840b194528a147e4683aed27a320f9764ea5 (patch) | |
| tree | 5e5095d1fb885581f9681312c3f3d83bb1561171 /doc | |
| parent | 04566d3698fac6c6afc7896619c92cc2e05d1440 (diff) | |
| download | android-node-v8-af78840b194528a147e4683aed27a320f9764ea5.tar.gz android-node-v8-af78840b194528a147e4683aed27a320f9764ea5.tar.bz2 android-node-v8-af78840b194528a147e4683aed27a320f9764ea5.zip | |
tls: set ecdhCurve default to 'auto'
For best out-of-the-box compatibility there should not be one default
`ecdhCurve` for the tls client, OpenSSL should choose them
automatically.
See https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)
PR-URL: https://github.com/nodejs/node/pull/16853
Refs: https://github.com/nodejs/node/issues/16196
Refs: https://github.com/nodejs/node/issues/1495
Refs: https://github.com/nodejs/node/pull/15206
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/api/tls.md | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md index 4274c36d20..bba044a36d 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1164,8 +1164,7 @@ added: v0.11.13 --> The default curve name to use for ECDH key agreement in a tls server. The -default value is `'prime256v1'` (NIST P-256). Consult [RFC 4492] and -[FIPS.186-4] for more details. +default value is `'auto'`. See [`tls.createSecureContext()`] for further information. ## Deprecated APIs @@ -1296,13 +1295,11 @@ where `secure_socket` has the same API as `pair.cleartext`. [Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites [DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange [ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman -[FIPS.186-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf [Forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy [OCSP request]: https://en.wikipedia.org/wiki/OCSP_stapling [OpenSSL Options]: crypto.html#crypto_openssl_options [OpenSSL cipher list format documentation]: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT [Perfect Forward Secrecy]: #tls_perfect_forward_secrecy -[RFC 4492]: https://www.rfc-editor.org/rfc/rfc4492.txt [SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_timeout.html [SSL_METHODS]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS [Stream]: stream.html#stream_stream |