Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nodejs/node.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/api/crypto.md
diff options
context:
space:
mode:
authorMateusz Krawczuk <krawczukmat@gmail.com>2020-06-17 18:29:06 +0300
committerAlba Mendez <me@alba.sh>2020-08-07 16:24:55 +0300
commit33060703cc214b4056718eaaf5738f8fc83130f7 (patch)
treecf9bf6310f4cc895a8e5c7a649c60fb6286d2e8f /doc/api/crypto.md
parent46bef7b7716b377055260490bb6f713ffb593672 (diff)
crypto: add OP flag constants added in OpenSSL v1.1.1
PR-URL: https://github.com/nodejs/node/pull/33929 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Alba Mendez <me@alba.sh> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'doc/api/crypto.md')
-rw-r--r--doc/api/crypto.md25
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index 54eb7a8c298..5fef141be46 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -3193,6 +3193,11 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
for detail.</td>
</tr>
<tr>
+ <td><code>SSL_OP_ALLOW_NO_DHE_KEX</code></td>
+ <td>Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode
+ for TLS v1.3</td>
+ </tr>
+ <tr>
<td><code>SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION</code></td>
<td>Allows legacy insecure renegotiation between OpenSSL and unpatched
clients or servers. See
@@ -3265,10 +3270,18 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<td>Instructs OpenSSL to disable support for SSL/TLS compression.</td>
</tr>
<tr>
+ <td><code>SSL_OP_NO_ENCRYPT_THEN_MAC</code></td>
+ <td>Instructs OpenSSL to disable encrypt-then-MAC.</td>
+ </tr>
+ <tr>
<td><code>SSL_OP_NO_QUERY_MTU</code></td>
<td></td>
</tr>
<tr>
+ <td><code>SSL_OP_NO_RENEGOTIATION</code></td>
+ <td>Instructs OpenSSL to disable renegotiation.</td>
+ </tr>
+ <tr>
<td><code>SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION</code></td>
<td>Instructs OpenSSL to always start a new session when performing
renegotiation.</td>
@@ -3297,6 +3310,10 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<td><code>SSL_OP_NO_TLSv1_2</code></td>
<td>Instructs OpenSSL to turn off TLS v1.2</td>
</tr>
+ <tr>
+ <td><code>SSL_OP_NO_TLSv1_3</code></td>
+ <td>Instructs OpenSSL to turn off TLS v1.3</td>
+ </tr>
<td><code>SSL_OP_PKCS1_CHECK_1</code></td>
<td></td>
</tr>
@@ -3305,6 +3322,14 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<td></td>
</tr>
<tr>
+ <td><code>SSL_OP_PRIORITIZE_CHACHA</code></td>
+ <td>Instructs OpenSSL server to prioritize ChaCha20Poly1305
+ when client does.
+ This option has no effect if
+ <code>SSL_OP_CIPHER_SERVER_PREFERENCE</code>
+ is not enabled.</td>
+ </tr>
+ <tr>
<td><code>SSL_OP_SINGLE_DH_USE</code></td>
<td>Instructs OpenSSL to always create a new key when using
temporary/ephemeral DH parameters.</td>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-26 00:13:25 +0300