Browse Source

doc: remove SSLv2 descriptions

Doc descriptions related to SSLv2 are no longer needed.

Fixes: https://github.com/nodejs/node/pull/5529
PR-URL: https://github.com/nodejs/node/pull/5541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v0.10
Shigeki Ohtsu 9 years ago
parent
commit
6db377b2f4
  1. 19
      doc/api/tls.markdown
  2. 3
      doc/node.1

19
doc/api/tls.markdown

@ -40,24 +40,22 @@ To create .pfx or .p12, do this:
## Protocol support
Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
Node.js is compiled with SSLv3 protocol support by default, but these
protocols are **disabled**. They are considered insecure and could be easily
compromised as was shown by [CVE-2014-3566][]. However, in some situations, it
may cause problems with legacy clients/servers (such as Internet Explorer 6).
If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or
`--enable-ssl3` flag respectively. In future versions of Node.js SSLv2 and
SSLv3 will not be compiled in by default.
If you wish to enable SSLv3, run node with the `--enable-ssl3` flag. In future
versions of Node.js SSLv3 will not be compiled in by default.
There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`.
There is a way to force node into using SSLv3 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'`.
The default protocol method Node.js uses is `SSLv23_method` which would be more
accurately named `AutoNegotiate_method`. This method will try and negotiate
from the highest level down to whatever the client supports. To provide a
secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
and SSLv2 by setting the `secureOptions` to be
`SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed
`--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`).
by setting the `secureOptions` to be `SSL_OP_NO_SSLv3` (again, unless you have
passed `--enable-ssl3`, or `SSLv3_method` as `secureProtocol`).
If you have set `secureOptions` to anything, we will not override your
options.
@ -172,9 +170,6 @@ automatically set as a listener for the [secureConnection][] event. The
- `honorCipherOrder` : When choosing a cipher, use the server's preferences
instead of the client preferences.
Note that if SSLv2 is used, the server will send its list of preferences
to the client, and the client chooses the cipher.
Although, this option is disabled by default, it is *recommended* that you
use this option in conjunction with the `ciphers` option to mitigate
BEAST attacks.

3
doc/node.1

@ -62,9 +62,6 @@ and servers.
--max-stack-size=val set max v8 stack size (bytes)
--enable-ssl2 enable ssl2 in crypto, tls, and https
modules
--enable-ssl3 enable ssl3 in crypto, tls, and https
modules

Loading…
Cancel
Save