diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2014-01-20 16:12:37 +0100 |
---|---|---|
committer | Fedor Indutny <fedor.indutny@gmail.com> | 2014-01-20 19:33:18 +0400 |
commit | 8c303115f5e58f5f3a387c3f433822614754aa36 (patch) | |
tree | 8ea317b4a479030af5dbc3b8377ea77d0991b04f /doc/api/tls.markdown | |
parent | cda41f8775e6ad06ca4a500501b1d8712f412893 (diff) | |
download | node-8c303115f5e58f5f3a387c3f433822614754aa36.tar.gz |
doc: tls: clarify server cipher list
* Make it clear that ECDHE-RSA-AES128-SHA256 and AES128-GCM-SHA256 are
TLS v1.2 ciphers.
* Note that RC4 is under suspicion.
Diffstat (limited to 'doc/api/tls.markdown')
-rw-r--r-- | doc/api/tls.markdown | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index ceb1304a7..e82d47be3 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -146,9 +146,15 @@ automatically set as a listener for the [secureConnection][] event. The Consult the [OpenSSL cipher list format documentation] for details on the format. - - `AES128-GCM-SHA256` is used when node.js is linked against OpenSSL 1.0.1 - or newer and the client speaks TLS 1.2, RC4 is used as a secure fallback. + `ECDHE-RSA-AES128-SHA256` and `AES128-GCM-SHA256` are TLS v1.2 ciphers and + used when node.js is linked against OpenSSL 1.0.1 or newer, such as the + bundled version of OpenSSL. Note that it is still possible for a TLS v1.2 + client to negotiate a weaker cipher unless `honorCipherOrder` is enabled. + + `RC4` is used as a fallback for clients that speak on older version of + the TLS protocol. `RC4` has in recent years come under suspicion and + should be considered compromised for anything that is truly sensitive. + It is speculated that state-level actors posess the ability to break it. **NOTE**: Previous revisions of this section suggested `AES256-SHA` as an acceptable cipher. Unfortunately, `AES256-SHA` is a CBC cipher and therefore |