Skip to content

Commit 8b531da

Browse files
tniessensxa
tniessen
authored and
sxa
committed
doc: clarify supported versus enabled TLS ciphers
PR-URL: #42063 Refs: #42059 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Mestery <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Harshitha K P <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]> Reviewed-By: James M Snell <[email protected]>
1 parent a2926c4 commit 8b531da

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

doc/api/tls.md

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1787,7 +1787,7 @@ changes:
17871787
See [OpenSSL man pages](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_sigalgs_list.html)
17881788
for more info.
17891789
* `ciphers` {string} Cipher suite specification, replacing the default. For
1790-
more information, see [modifying the default cipher suite][]. Permitted
1790+
more information, see [Modifying the default TLS cipher suite][]. Permitted
17911791
ciphers can be obtained via [`tls.getCiphers()`][]. Cipher names must be
17921792
uppercased in order for OpenSSL to accept them.
17931793
* `clientCertEngine` {string} Name of an OpenSSL engine which can provide the
@@ -2089,6 +2089,9 @@ Returns an array with the names of the supported TLS ciphers. The names are
20892089
lower-case for historical reasons, but must be uppercased to be used in
20902090
the `ciphers` option of [`tls.createSecureContext()`][].
20912091

2092+
Not all supported ciphers are enabled by default. See
2093+
[Modifying the default TLS cipher suite][].
2094+
20922095
Cipher names that start with `'tls_'` are for TLSv1.3, all the others are for
20932096
TLSv1.2 and below.
20942097

@@ -2157,6 +2160,7 @@ added: v11.4.0
21572160
[Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites
21582161
[DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
21592162
[ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
2163+
[Modifying the default TLS cipher suite]: #modifying-the-default-tls-cipher-suite
21602164
[Mozilla's publicly trusted list of CAs]: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
21612165
[OCSP request]: https://en.wikipedia.org/wiki/OCSP_stapling
21622166
[OpenSSL Options]: crypto.md#openssl-options
@@ -2208,6 +2212,5 @@ added: v11.4.0
22082212
[certificate object]: #certificate-object
22092213
[cipher list format]: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-LIST-FORMAT
22102214
[forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy
2211-
[modifying the default cipher suite]: #modifying-the-default-tls-cipher-suite
22122215
[perfect forward secrecy]: #perfect-forward-secrecy
22132216
[specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

0 commit comments

Comments
 (0)