From be63dc5acc3c5027f9f7a450d7b3df46d031fb37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Fri, 14 Jan 2022 17:43:40 +0100 Subject: [PATCH] doc: remove statement about (EC)DHE performance This statement is misleading in that it says "key generation is expensive". ECDHE key generation (over the elliptic curves that are commonly used for TLS) is insanely fast compared to most other types of key generation. This statement is irrelevant for TLS 1.3, which requires (EC)DHE. Even if this statement is somewhat true for TLS 1.2, it does not justify discouraging the use of (EC)DHE. PR-URL: https://github.com/nodejs/node/pull/41528 Reviewed-By: Rich Trott Reviewed-By: Anna Henningsen Reviewed-By: Benjamin Gruenbaum --- doc/api/tls.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/doc/api/tls.md b/doc/api/tls.md index 4ff4973d7dc8e0..ad5d738863fa1e 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -89,9 +89,6 @@ the character "E" appended to the traditional abbreviations): * [ECDHE][]: An ephemeral version of the Elliptic Curve Diffie-Hellman key-agreement protocol. -Ephemeral methods may have some performance drawbacks, because key generation -is expensive. - To use perfect forward secrecy using `DHE` with the `tls` module, it is required to generate Diffie-Hellman parameters and specify them with the `dhparam` option to [`tls.createSecureContext()`][]. The following illustrates the use of