diff options
Diffstat (limited to 'doc/api/tls.md')
-rw-r--r-- | doc/api/tls.md | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md index 34f7aecca8..c9a30d97d7 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -839,7 +839,19 @@ Returns an object containing information on the negotiated cipher suite. For example: `{ name: 'AES256-SHA', version: 'TLSv1.2' }`. See -[OpenSSL](https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_name.html) +[SSL_CIPHER_get_name](https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_name.html) +for more information. + +### tlsSocket.getSharedSigalgs() +<!-- YAML +added: REPLACEME +--> + +* Returns: {Array} List of signature algorithms shared between the server and +the client in the order of decreasing preference. + +See +[SSL_get_shared_sigalgs](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_shared_sigalgs.html) for more information. ### tlsSocket.getEphemeralKeyInfo() @@ -1346,6 +1358,10 @@ argument. <!-- YAML added: v0.11.13 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/29598 + description: Added `sigalgs` option to override supported signature + algorithms. - version: v12.0.0 pr-url: https://github.com/nodejs/node/pull/26209 description: TLSv1.3 support added. @@ -1406,6 +1422,12 @@ changes: order as their private keys in `key`. If the intermediate certificates are not provided, the peer will not be able to validate the certificate, and the handshake will fail. + * `sigalgs` {string}` Colon-separated list of supported signature algorithms. + The list can contain digest algorithms (`SHA256`, `MD5` etc.), public key + algorithms (`RSA-PSS`, `ECDSA` etc.), combination of both (e.g + 'RSA+SHA384') or TLS v1.3 scheme names (e.g. `rsa_pss_pss_sha512`). + See [OpenSSL man pages](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_sigalgs_list.html) + for more info. * `ciphers` {string} Cipher suite specification, replacing the default. For more information, see [modifying the default cipher suite][]. Permitted ciphers can be obtained via [`tls.getCiphers()`][]. Cipher names must be |