Skip to content
This repository was archived by the owner on Apr 22, 2023. It is now read-only.

Commit a294aee

Browse files
iamthechadmhdawson
iamthechad
authored and
mhdawson
committed
doc: Using ciphers with tls.connect()
Refs #25270,#25271 Reviewed-By: Michael Dawson <[email protected]> PR-URL: #25325
1 parent ebbb356 commit a294aee

File tree

1 file changed

+16
-1
lines changed

1 file changed

+16
-1
lines changed

doc/api/tls.markdown

+16-1
Original file line numberDiff line numberDiff line change
@@ -182,7 +182,7 @@ automatically set as a listener for the [secureConnection][] event. The
182182
on the format.
183183

184184
`ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and
185-
`AES128-GCM-SHA256` are TLS v1.2 ciphers and used when node.js is
185+
`AES128-GCM-SHA256` are TLS v1.2 ciphers and used when Node.js is
186186
linked against OpenSSL 1.0.1 or newer, such as the bundled version
187187
of OpenSSL. Note that it is still possible for a TLS v1.2 client
188188
to negotiate a weaker cipher unless `honorCipherOrder` is enabled.
@@ -341,6 +341,20 @@ Creates a new client connection to the given `port` and `host` (old API) or
341341
- `path`: Creates unix socket connection to path. If this option is
342342
specified, `host` and `port` are ignored.
343343

344+
- `ciphers`: A string describing the ciphers to use or exclude.
345+
346+
Defaults to
347+
`ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL`.
348+
Consult the [OpenSSL cipher list format documentation] for details
349+
on the format.
350+
351+
The full list of available ciphers can be obtained via [tls.getCiphers][].
352+
353+
`ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and
354+
`AES128-GCM-SHA256` are TLS v1.2 ciphers and used when Node.js is
355+
linked against OpenSSL 1.0.1 or newer, such as the bundled version
356+
of OpenSSL.
357+
344358
- `pfx`: A string or `Buffer` containing the private key, certificate and
345359
CA certs of the client in PFX or PKCS12 format.
346360

@@ -835,6 +849,7 @@ The numeric representation of the local port.
835849

836850
[OpenSSL cipher list format documentation]: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
837851
[BEAST attacks]: http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
852+
[tls.getCiphers]: #tls_tls_getciphers
838853
[tls.createServer]: #tls_tls_createserver_options_secureconnectionlistener
839854
[tls.createSecurePair]: #tls_tls_createsecurepair_credentials_isserver_requestcert_rejectunauthorized
840855
[tls.TLSSocket]: #tls_class_tls_tlssocket

0 commit comments

Comments
 (0)