diff options
author | Mateusz Krawczuk <krawczukmat@gmail.com> | 2020-06-17 18:29:06 +0300 |
---|---|---|
committer | Alba Mendez <me@alba.sh> | 2020-08-07 16:24:55 +0300 |
commit | 33060703cc214b4056718eaaf5738f8fc83130f7 (patch) | |
tree | cf9bf6310f4cc895a8e5c7a649c60fb6286d2e8f /doc/api/crypto.md | |
parent | 46bef7b7716b377055260490bb6f713ffb593672 (diff) |
crypto: add OP flag constants added in OpenSSL v1.1.1
PR-URL: https://github.com/nodejs/node/pull/33929
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'doc/api/crypto.md')
-rw-r--r-- | doc/api/crypto.md | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 54eb7a8c298..5fef141be46 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -3193,6 +3193,11 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. for detail.</td> </tr> <tr> + <td><code>SSL_OP_ALLOW_NO_DHE_KEX</code></td> + <td>Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode + for TLS v1.3</td> + </tr> + <tr> <td><code>SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION</code></td> <td>Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See @@ -3265,10 +3270,18 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. <td>Instructs OpenSSL to disable support for SSL/TLS compression.</td> </tr> <tr> + <td><code>SSL_OP_NO_ENCRYPT_THEN_MAC</code></td> + <td>Instructs OpenSSL to disable encrypt-then-MAC.</td> + </tr> + <tr> <td><code>SSL_OP_NO_QUERY_MTU</code></td> <td></td> </tr> <tr> + <td><code>SSL_OP_NO_RENEGOTIATION</code></td> + <td>Instructs OpenSSL to disable renegotiation.</td> + </tr> + <tr> <td><code>SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION</code></td> <td>Instructs OpenSSL to always start a new session when performing renegotiation.</td> @@ -3297,6 +3310,10 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. <td><code>SSL_OP_NO_TLSv1_2</code></td> <td>Instructs OpenSSL to turn off TLS v1.2</td> </tr> + <tr> + <td><code>SSL_OP_NO_TLSv1_3</code></td> + <td>Instructs OpenSSL to turn off TLS v1.3</td> + </tr> <td><code>SSL_OP_PKCS1_CHECK_1</code></td> <td></td> </tr> @@ -3305,6 +3322,14 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. <td></td> </tr> <tr> + <td><code>SSL_OP_PRIORITIZE_CHACHA</code></td> + <td>Instructs OpenSSL server to prioritize ChaCha20Poly1305 + when client does. + This option has no effect if + <code>SSL_OP_CIPHER_SERVER_PREFERENCE</code> + is not enabled.</td> + </tr> + <tr> <td><code>SSL_OP_SINGLE_DH_USE</code></td> <td>Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters.</td> |