From 43273262e5f07a80cecf2cef6ac89ca1719821fb Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Thu, 15 Nov 2018 15:51:55 -0800 Subject: doc: describe secureProtocol and CLI interaction Cross-reference the secureProtocol docs and the CLI docs for --tls-v1.0 and --tls-v1.1 and describe relationship. Make clear that --tls-v1.0 enables TLSv1.0 and TLSv1.1. PR-URL: https://github.com/nodejs/node/pull/24386 Reviewed-By: Vse Mozhet Byt Reviewed-By: Daniel Bevenius Reviewed-By: Ujjwal Sharma --- doc/api/tls.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'doc/api/tls.md') diff --git a/doc/api/tls.md b/doc/api/tls.md index 82dfbe2019..5655f21bd6 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1118,10 +1118,15 @@ changes: which is not usually necessary. This should be used carefully if at all! Value is a numeric bitmask of the `SSL_OP_*` options from [OpenSSL Options][]. - * `secureProtocol` {string} SSL method to use. The possible values are listed - as [SSL_METHODS][], use the function names as strings. For example, - `'TLSv1_2_method'` to force TLS version 1.2. - **Default:** `'TLSv1_2_method'`. + * `secureProtocol` {string} The TLS protocol version to use. The possible + values are listed as [SSL_METHODS][], use the function names as strings. For + example, use `'TLSv1_1_method'` to force TLS version 1.1, or `'TLS_method'` + to allow any TLS protocol version. It is not recommended to use TLS versions + less than 1.2, but it may be required for interoperability. **Default:** + `'TLSv1_2_method'`, unless changed using CLI options. Using the `--tlsv1.0` + CLI option is like `'TLS_method'` except protocols earlier than TLSv1.0 are + not allowed, and using the `--tlsv1.1` CLI option is like `'TLS_method'` + except that protocols earlier than TLSv1.1 are not allowed. * `sessionIdContext` {string} Opaque identifier used by servers to ensure session state is not shared between applications. Unused by clients. -- cgit v1.2.3