From 8c303115f5e58f5f3a387c3f433822614754aa36 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Mon, 20 Jan 2014 16:12:37 +0100 Subject: [PATCH] doc: tls: clarify server cipher list * Make it clear that ECDHE-RSA-AES128-SHA256 and AES128-GCM-SHA256 are TLS v1.2 ciphers. * Note that RC4 is under suspicion. --- doc/api/tls.markdown | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index ceb1304a7a2..e82d47be309 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -146,9 +146,15 @@ automatically set as a listener for the [secureConnection][] event. The Consult the [OpenSSL cipher list format documentation] for details on the format. + `ECDHE-RSA-AES128-SHA256` and `AES128-GCM-SHA256` are TLS v1.2 ciphers and + used when node.js is linked against OpenSSL 1.0.1 or newer, such as the + bundled version of OpenSSL. Note that it is still possible for a TLS v1.2 + client to negotiate a weaker cipher unless `honorCipherOrder` is enabled. - `AES128-GCM-SHA256` is used when node.js is linked against OpenSSL 1.0.1 - or newer and the client speaks TLS 1.2, RC4 is used as a secure fallback. + `RC4` is used as a fallback for clients that speak on older version of + the TLS protocol. `RC4` has in recent years come under suspicion and + should be considered compromised for anything that is truly sensitive. + It is speculated that state-level actors posess the ability to break it. **NOTE**: Previous revisions of this section suggested `AES256-SHA` as an acceptable cipher. Unfortunately, `AES256-SHA` is a CBC cipher and therefore
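Review bot: The added RC4 paragraph has two typos that will land in the rendered docs: "speak on older version" should read "speak an older version", and "posess" should be "possess". In the first added paragraph, "are TLS v1.2 ciphers and used when" reads better as "and are used when". The last added sentence ("It is speculated that state-level actors ...") is an unsourced claim in API documentation; either link a reference or drop it and keep the preceding "should be considered compromised" advice, which is the actionable part. Since the new text says a TLS v1.2 client can still negotiate a weaker cipher unless `honorCipherOrder` is enabled, it would also help to state in the same paragraph what that option defaults to, so readers know whether they have to set it themselves.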