lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

doc: remove SSLv2 descriptions 

Doc descriptions related to SSLv2 are no longer needed.

Fixes: https://github.com/nodejs/node/pull/5529
PR-URL: https://github.com/nodejs/node/pull/5541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v0.12-staging
Shigeki Ohtsu 9 years ago
committed by Rod Vagg
parent
1ab6653db9
commit
ce58c2c31a
2 changed files with 7 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      doc/api/tls.markdown
  2. 3
      doc/node.1

16
doc/api/tls.markdown
View File

@ -40,24 +40,22 @@ To create .pfx or .p12, do this:
## Protocol support
Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
Node.js is compiled with SSLv3 protocol support by default, but these
protocols are **disabled**. They are considered insecure and could be easily
compromised as was shown by [CVE-2014-3566][]. However, in some situations, it
may cause problems with legacy clients/servers (such as Internet Explorer 6).
If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or
`--enable-ssl3` flag respectively. In future versions of Node.js SSLv2 and
SSLv3 will not be compiled in by default.
If you wish to enable SSLv3, run node with the `--enable-ssl3` flag. In future
versions of Node.js SSLv3 will not be compiled in by default.
There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`.
There is a way to force node into using SSLv3 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'`.
The default protocol method Node.js uses is `SSLv23_method` which would be more
accurately named `AutoNegotiate_method`. This method will try and negotiate
from the highest level down to whatever the client supports. To provide a
secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
and SSLv2 by setting the `secureOptions` to be
`SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed
`--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`).
by setting the `secureOptions` to be `SSL_OP_NO_SSLv3` (again, unless you have
passed `--enable-ssl3`, or `SSLv3_method` as `secureProtocol`).
If you have set `secureOptions` to anything, we will not override your
options.

3
doc/node.1
View File

@ -62,9 +62,6 @@ and servers.
--max-stack-size=val set max v8 stack size (bytes)
--enable-ssl2 enable ssl2 in crypto, tls, and https
modules
--enable-ssl3 enable ssl3 in crypto, tls, and https
modules

Write Preview
Loading…
Cancel
Save