nodejs · shigeki · Mar 3, 2016 · bnoordhuis · Mar 3, 2016
diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown
@@ -40,24 +40,23 @@ To create .pfx or .p12, do this:
 
 ## Protocol support
 
-Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
+Node.js is compiled with SSLv3 protocol support by default, but these
 protocols are **disabled**. They are considered insecure and could be easily
 compromised as was shown by [CVE-2014-3566][]. However, in some situations, it
 may cause problems with legacy clients/servers (such as Internet Explorer 6).
-If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or
-`--enable-ssl3` flag respectively.  In future versions of Node.js SSLv2 and
-SSLv3 will not be compiled in by default.
+If you wish to enable SSLv3, run node with the `--enable-ssl3` flag
+respectively.  In future versions of Node.js SSLv3 will not be compiled in by
+default.
 
-There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
-specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`.
+There is a way to force node into using SSLv3 only mode by explicitly
+specifying `secureProtocol` to `'SSLv3_method'`.
 
 The default protocol method Node.js uses is `SSLv23_method` which would be more
 accurately named `AutoNegotiate_method`. This method will try and negotiate
 from the highest level down to whatever the client supports.  To provide a
 secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
-and SSLv2 by setting the `secureOptions` to be
-`SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed
-`--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`).
+by setting the `secureOptions` to be `SSL_OP_NO_SSLv3` (again, unless you have
+passed `--enable-ssl3`, or `SSLv3_method` as `secureProtocol`).
 
 If you have set `secureOptions` to anything, we will not override your
 options.
@@ -172,9 +171,6 @@ automatically set as a listener for the [secureConnection][] event.  The
   - `honorCipherOrder` : When choosing a cipher, use the server's preferences
     instead of the client preferences.
 
-    Note that if SSLv2 is used, the server will send its list of preferences
-    to the client, and the client chooses the cipher.
-
     Although, this option is disabled by default, it is *recommended* that you
     use this option in conjunction with the `ciphers` option to mitigate
     BEAST attacks.

diff --git a/doc/node.1 b/doc/node.1
@@ -62,9 +62,6 @@ and servers.
 
   --max-stack-size=val   set max v8 stack size (bytes)
 
-  --enable-ssl2          enable ssl2 in crypto, tls, and https
-                         modules
-
   --enable-ssl3          enable ssl3 in crypto, tls, and https
                          modules
 

diff --git a/src/node_constants.cc b/src/node_constants.cc
@@ -904,10 +904,6 @@ void DefineConstants(Handle<Object> target) {
   NODE_DEFINE_CONSTANT(target, SSL_OP_MICROSOFT_SESS_ID_BUG);
 #endif
 
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
-  NODE_DEFINE_CONSTANT(target, SSL_OP_MSIE_SSLV2_RSA_PADDING);
-#endif
-
 #ifdef SSL_OP_NETSCAPE_CA_DN_BUG
   NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CA_DN_BUG);
 #endif
@@ -936,10 +932,6 @@ void DefineConstants(Handle<Object> target) {
   NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 #endif
 
-#ifdef SSL_OP_NO_SSLv2
-  NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SSLv2);
-#endif
-
 #ifdef SSL_OP_NO_SSLv3
   NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SSLv3);
 #endif