Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

Commit

Permalink
doc: Using ciphers with tls.connect()
Browse files Browse the repository at this point in the history
Refs #25270,#25271

Reviewed-By: Michael Dawson <[email protected]>
PR-URL: #25325
  • Loading branch information
iamthechad authored and mhdawson committed May 21, 2015
1 parent ebbb356 commit a294aee
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion doc/api/tls.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ automatically set as a listener for the [secureConnection][] event. The
on the format.

`ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and
`AES128-GCM-SHA256` are TLS v1.2 ciphers and used when node.js is
`AES128-GCM-SHA256` are TLS v1.2 ciphers and used when Node.js is
linked against OpenSSL 1.0.1 or newer, such as the bundled version
of OpenSSL. Note that it is still possible for a TLS v1.2 client
to negotiate a weaker cipher unless `honorCipherOrder` is enabled.
Expand Down Expand Up @@ -341,6 +341,20 @@ Creates a new client connection to the given `port` and `host` (old API) or
- `path`: Creates unix socket connection to path. If this option is
specified, `host` and `port` are ignored.

- `ciphers`: A string describing the ciphers to use or exclude.

Defaults to
`ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL`.
Consult the [OpenSSL cipher list format documentation] for details
on the format.

The full list of available ciphers can be obtained via [tls.getCiphers][].

`ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and
`AES128-GCM-SHA256` are TLS v1.2 ciphers and used when Node.js is
linked against OpenSSL 1.0.1 or newer, such as the bundled version
of OpenSSL.

- `pfx`: A string or `Buffer` containing the private key, certificate and
CA certs of the client in PFX or PKCS12 format.

Expand Down Expand Up @@ -835,6 +849,7 @@ The numeric representation of the local port.

[OpenSSL cipher list format documentation]: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
[BEAST attacks]: http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
[tls.getCiphers]: #tls_tls_getciphers
[tls.createServer]: #tls_tls_createserver_options_secureconnectionlistener
[tls.createSecurePair]: #tls_tls_createsecurepair_credentials_isserver_requestcert_rejectunauthorized
[tls.TLSSocket]: #tls_class_tls_tlssocket
Expand Down

0 comments on commit a294aee

Please sign in to comment.