Skip to content

Commit 16650ee

Browse files
tniessentniessen
authored
doc: clarify supported versus enabled TLS ciphers
PR-URL: #42063 Refs: #42059 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Mestery <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Harshitha K P <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]> Reviewed-By: James M Snell <[email protected]>
1 parent 45b5ca8 commit 16650ee

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

doc/api/tls.md

+5-2
Original file line numberDiff line numberDiff line change
@@ -1799,7 +1799,7 @@ changes:
17991799
See [OpenSSL man pages](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_sigalgs_list.html)
18001800
for more info.
18011801
* `ciphers` {string} Cipher suite specification, replacing the default. For
1802-
more information, see [modifying the default cipher suite][]. Permitted
1802+
more information, see [Modifying the default TLS cipher suite][]. Permitted
18031803
ciphers can be obtained via [`tls.getCiphers()`][]. Cipher names must be
18041804
uppercased in order for OpenSSL to accept them.
18051805
* `clientCertEngine` {string} Name of an OpenSSL engine which can provide the
@@ -2101,6 +2101,9 @@ Returns an array with the names of the supported TLS ciphers. The names are
21012101
lower-case for historical reasons, but must be uppercased to be used in
21022102
the `ciphers` option of [`tls.createSecureContext()`][].
21032103

2104+
Not all supported ciphers are enabled by default. See
2105+
[Modifying the default TLS cipher suite][].
2106+
21042107
Cipher names that start with `'tls_'` are for TLSv1.3, all the others are for
21052108
TLSv1.2 and below.
21062109

@@ -2169,6 +2172,7 @@ added: v11.4.0
21692172
[Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites
21702173
[DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
21712174
[ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
2175+
[Modifying the default TLS cipher suite]: #modifying-the-default-tls-cipher-suite
21722176
[Mozilla's publicly trusted list of CAs]: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
21732177
[OCSP request]: https://en.wikipedia.org/wiki/OCSP_stapling
21742178
[OpenSSL Options]: crypto.md#openssl-options
@@ -2220,6 +2224,5 @@ added: v11.4.0
22202224
[certificate object]: #certificate-object
22212225
[cipher list format]: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-LIST-FORMAT
22222226
[forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy
2223-
[modifying the default cipher suite]: #modifying-the-default-tls-cipher-suite
22242227
[perfect forward secrecy]: #perfect-forward-secrecy
22252228
[specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

0 commit comments

Comments
 (0)