From c1bf89df2e93c72f7dd22a8399d6f8734888916d Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Thu, 27 Jun 2013 01:37:29 +0200 Subject: [PATCH] doc: tls: ECDH ciphers are not supported --- doc/api/tls.markdown | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index b9d22d0135f..92a2bcd7fa9 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -117,14 +117,13 @@ automatically set as a listener for the [secureConnection][] event. The conjunction with the `honorCipherOrder` option described below to prioritize the non-CBC cipher. - Defaults to - `ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH`. + Defaults to `AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH`. Consult the [OpenSSL cipher list format documentation] for details on the - format. + format. ECDH (Elliptic Curve Diffie-Hellman) ciphers are not yet supported. - `ECDHE-RSA-AES128-SHA256` and `AES128-GCM-SHA256` are used when node.js is - linked against OpenSSL 1.0.1 or newer and the client speaks TLS 1.2, RC4 is - used as a secure fallback. + + `AES128-GCM-SHA256` is used when node.js is linked against OpenSSL 1.0.1 + or newer and the client speaks TLS 1.2, RC4 is used as a secure fallback. **NOTE**: Previous revisions of this section suggested `AES256-SHA` as an acceptable cipher. Unfortunately, `AES256-SHA` is a CBC cipher and therefore