github.com/nodejs/node.git
author Tobias Nießen <tniessen@tnie.de> 2022-02-22 18:26:52 +0300
committer GitHub <noreply@github.com> 2022-02-22 18:26:52 +0300
commit 16650ee2a3b71446db7422cd3870b99bbf005998
tree 4b11618a9a61381d752da403d4f6cc45f6356011 /doc/api/tls.md
parent 45b5ca810a16074e639157825c1aa2e90d60e9f6
doc: clarify supported versus enabled TLS ciphers

PR-URL: https://github.com/nodejs/node/pull/42063
Refs: https://github.com/nodejs/node/issues/42059
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Harshitha K P <harshitha014@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'doc/api/tls.md')
-rw-r--r-- doc/api/tls.md 7
1 files changed, 5 insertions, 2 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md
index 63e67b26f3b..0402bdcd97e 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -1799,7 +1799,7 @@ changes:
See [OpenSSL man pages](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_sigalgs_list.html)
for more info.
* `ciphers` {string} Cipher suite specification, replacing the default. For
- more information, see [modifying the default cipher suite][]. Permitted
+ more information, see [Modifying the default TLS cipher suite][]. Permitted
ciphers can be obtained via [`tls.getCiphers()`][]. Cipher names must be
uppercased in order for OpenSSL to accept them.
* `clientCertEngine` {string} Name of an OpenSSL engine which can provide the
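Review bot: In the `ciphers` entry, the sentence right after the renamed link still reads "Permitted ciphers can be obtained via [`tls.getCiphers()`][]", which blurs the supported-versus-enabled distinction this commit draws. The `tls.getCiphers()` text in the next hunk calls these "supported TLS ciphers", so consider "Supported ciphers can be obtained via" here as well, so the option description does not suggest that every returned name is enabled.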
@@ -2101,6 +2101,9 @@ Returns an array with the names of the supported TLS ciphers. The names are
lower-case for historical reasons, but must be uppercased to be used in
the `ciphers` option of [`tls.createSecureContext()`][].
+Not all supported ciphers are enabled by default. See
+[Modifying the default TLS cipher suite][].
+
Cipher names that start with `'tls_'` are for TLSv1.3, all the others are for
TLSv1.2 and below.
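Review bot: The added sentence "Not all supported ciphers are enabled by default." points to another section without saying what that means for the names this function returns. Consider stating here that a returned name may have to be listed explicitly in the `ciphers` option of `tls.createSecureContext()` before it is used, so the practical consequence is visible where the list is documented.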
@@ -2169,6 +2172,7 @@ added: v11.4.0
[Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites
[DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
[ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
+[Modifying the default TLS cipher suite]: #modifying-the-default-tls-cipher-suite
[Mozilla's publicly trusted list of CAs]: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
[OCSP request]: https://en.wikipedia.org/wiki/OCSP_stapling
[OpenSSL Options]: crypto.md#openssl-options
@@ -2220,6 +2224,5 @@ added: v11.4.0
[certificate object]: #certificate-object
[cipher list format]: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-LIST-FORMAT
[forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy
-[modifying the default cipher suite]: #modifying-the-default-tls-cipher-suite
[perfect forward secrecy]: #perfect-forward-secrecy
[specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
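Review bot: Removing the `[modifying the default cipher suite]` definition from the reference list leaves any remaining `[modifying the default cipher suite][]` usage in tls.md unresolved, because the new label adds "TLS" and is not just a change of case. The diff updates one usage, in the `ciphers` entry; please confirm there are no others in the file. The target `#modifying-the-default-tls-cipher-suite` is the same in both definitions, so only the label needs checking.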