This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

update TLS doc to reflect absence of ECDHE #4709

Closed
7 changes: 7 additions & 0 deletions doc/api/tls.markdown
Expand Up @@ -116,6 +116,13 @@ automatically set as a listener for the [secureConnection][] event. The
linked against OpenSSL 1.0.1 or newer and the client speaks TLS 1.2, RC4 is
used as a secure fallback.

**NOTE**: The default highest-preference cipher suite
`ECDHE-RSA-AES128-SHA256` will not be used because the developers of
Node.js insist on neither implementing advertised functionality nor
accepting a 120-line patch contributed by a volunteer containing said
functionality. Please note that only cipher suites using ECDHE (ephemeral
ECDH) are affected.
Member

Inserting drama in your PRs is a great way to get them accepted...

Author

I thought so too! Fortunately this gem is in a separate branch from tlsv1.x, as naturally they are mutually exclusive.


**NOTE**: Previous revisions of this section suggested `AES256-SHA` as an
acceptable cipher. Unfortunately, `AES256-SHA` is a CBC cipher and therefore
susceptible to BEAST attacks. Do *not* use it.
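
Review bot: The added NOTE (the paragraph starting "The default highest-preference cipher suite") explains the gap by attributing motives to the Node.js developers rather than documenting behavior, which does not belong in API documentation. Suggest stating only the verifiable part: that cipher suites using ECDHE, including the highest-preference default `ECDHE-RSA-AES128-SHA256`, will not be negotiated, and that other suites are unaffected. The note should also tell the reader what is selected instead, since the preceding paragraph mentions only the RC4 fallback, and it should say that without ECDHE those connections lose the ephemeral key exchange the default list implies. The patch dispute itself is better tracked by linking the relevant issue or pull request than by describing it in the doc text.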