From 71bac70bf2e2fa14662a98a5d44472587a68cfca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Mon, 25 Oct 2021 01:05:33 +0200 Subject: [PATCH] doc: ref OpenSSL legacy provider from crypto docs This adds a link to the --openssl-legacy-provider flag to the "Support for weak or compromised algorithms" section. PR-URL: https://github.com/nodejs/node/pull/40593 Refs: https://github.com/nodejs/node/pull/40478 Reviewed-By: Richard Lau Reviewed-By: Voltrex Reviewed-By: Luigi Pinca Reviewed-By: Beth Griggs --- doc/api/crypto.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 7a64303fd65198..2011149b1d0d9f 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -5378,6 +5378,10 @@ Based on the recommendations of [NIST SP 800-131A][]: See the reference for other recommendations and details. +Some algorithms that have known weaknesses and are of little relevance in +practice are only available through the [legacy provider][], which is not +enabled by default. + ### CCM mode CCM is one of the supported [AEAD algorithms][]. Applications which use this @@ -5912,6 +5916,7 @@ See the [list of SSL OP Flags][] for details. [certificate object]: tls.md#certificate-object [encoding]: buffer.md#buffers-and-character-encodings [initialization vector]: https://en.wikipedia.org/wiki/Initialization_vector +[legacy provider]: cli.md#--openssl-legacy-provider [list of SSL OP Flags]: https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags#Table_of_Options [modulo bias]: https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias [safe integers]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger