diff options
author | Chad Johnston <cjohnston@megatome.com> | 2015-05-12 16:07:33 -0600 |
---|---|---|
committer | Michael Dawson <Michael_Dawson@ca.ibm.com> | 2015-05-21 07:14:52 -0700 |
commit | a294aeef0315817fa230bb4e048564d2aea5cdf7 (patch) | |
tree | f900cec60a478b1a39a7a678f8973c08460d67c9 | |
parent | ebbb3560fabc757b06efa4caff07b2ab4b68b5ba (diff) | |
download | node-a294aeef0315817fa230bb4e048564d2aea5cdf7.tar.gz |
doc: Using ciphers with tls.connect()
Refs #25270,#25271
Reviewed-By: Michael Dawson <mhdawsonibm@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25325
-rw-r--r-- | doc/api/tls.markdown | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 410d88300..dc3a0431b 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -182,7 +182,7 @@ automatically set as a listener for the [secureConnection][] event. The on the format. `ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and - `AES128-GCM-SHA256` are TLS v1.2 ciphers and used when node.js is + `AES128-GCM-SHA256` are TLS v1.2 ciphers and used when Node.js is linked against OpenSSL 1.0.1 or newer, such as the bundled version of OpenSSL. Note that it is still possible for a TLS v1.2 client to negotiate a weaker cipher unless `honorCipherOrder` is enabled. @@ -341,6 +341,20 @@ Creates a new client connection to the given `port` and `host` (old API) or - `path`: Creates unix socket connection to path. If this option is specified, `host` and `port` are ignored. + - `ciphers`: A string describing the ciphers to use or exclude. + + Defaults to + `ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL`. + Consult the [OpenSSL cipher list format documentation] for details + on the format. + + The full list of available ciphers can be obtained via [tls.getCiphers][]. + + `ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and + `AES128-GCM-SHA256` are TLS v1.2 ciphers and used when Node.js is + linked against OpenSSL 1.0.1 or newer, such as the bundled version + of OpenSSL. + - `pfx`: A string or `Buffer` containing the private key, certificate and CA certs of the client in PFX or PKCS12 format. @@ -835,6 +849,7 @@ The numeric representation of the local port. [OpenSSL cipher list format documentation]: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT [BEAST attacks]: http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html +[tls.getCiphers]: #tls_tls_getciphers [tls.createServer]: #tls_tls_createserver_options_secureconnectionlistener [tls.createSecurePair]: #tls_tls_createsecurepair_credentials_isserver_requestcert_rejectunauthorized [tls.TLSSocket]: #tls_class_tls_tlssocket |