lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

doc: remove SSLv2 descriptions 

Doc descriptions related to SSLv2 are no longer needed.

Fixes: https://github.com/nodejs/node/pull/5529
PR-URL: https://github.com/nodejs/node/pull/5541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v0.10
Shigeki Ohtsu 9 years ago
parent
f8cb0dcf67
commit
6db377b2f4
2 changed files with 7 additions and 15 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 19
      doc/api/tls.markdown
  2. 3
      doc/node.1

19
doc/api/tls.markdown
View File

@ -40,24 +40,22 @@ To create .pfx or .p12, do this:
## Protocol support
Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
Node.js is compiled with SSLv3 protocol support by default, but these
protocols are **disabled**. They are considered insecure and could be easily
compromised as was shown by [CVE-2014-3566][]. However, in some situations, it
may cause problems with legacy clients/servers (such as Internet Explorer 6).
If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or
`--enable-ssl3` flag respectively. In future versions of Node.js SSLv2 and
SSLv3 will not be compiled in by default.
If you wish to enable SSLv3, run node with the `--enable-ssl3` flag. In future
versions of Node.js SSLv3 will not be compiled in by default.
There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`.
There is a way to force node into using SSLv3 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'`.
The default protocol method Node.js uses is `SSLv23_method` which would be more
accurately named `AutoNegotiate_method`. This method will try and negotiate
from the highest level down to whatever the client supports. To provide a
secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
and SSLv2 by setting the `secureOptions` to be
`SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed
`--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`).
by setting the `secureOptions` to be `SSL_OP_NO_SSLv3` (again, unless you have
passed `--enable-ssl3`, or `SSLv3_method` as `secureProtocol`).
If you have set `secureOptions` to anything, we will not override your
options.
@ -172,9 +170,6 @@ automatically set as a listener for the [secureConnection][] event. The
- `honorCipherOrder` : When choosing a cipher, use the server's preferences
instead of the client preferences.
Note that if SSLv2 is used, the server will send its list of preferences
to the client, and the client chooses the cipher.
Although, this option is disabled by default, it is *recommended* that you
use this option in conjunction with the `ciphers` option to mitigate
BEAST attacks.

3
doc/node.1
View File

@ -62,9 +62,6 @@ and servers.
--max-stack-size=val set max v8 stack size (bytes)
--enable-ssl2 enable ssl2 in crypto, tls, and https
modules
--enable-ssl3 enable ssl3 in crypto, tls, and https
modules

Write Preview
Loading…
Cancel
Save