daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: document why SSL2/SSL3 is disabled 

PR-URL: https://github.com/joyent/node/pull/8551
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
pull/23395/head
Fedor Indutny 2014-10-15 19:28:16 +04:00
parent 0ec78c961b
commit d6712917f5
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
doc/api/tls.markdown
View File

@ -38,6 +38,14 @@ To create .pfx or .p12, do this:
- `certfile`: all CA certs concatenated in one file like - `certfile`: all CA certs concatenated in one file like
`cat ca1-cert.pem ca2-cert.pem > ca-cert.pem` `cat ca1-cert.pem ca2-cert.pem > ca-cert.pem`
## Protocol support
Node.js is compiled without SSL2/SSL3 protocol support by default. These
protocols are insecure and could be easily compromised as was shown by
[CVE-2014-3566][]. However, in some situations, it may cause
problems with legacy clients/servers (such as Internet Explorer 6). If you do
really wish to use them, please rebuild node.js with `./configure --with-ssl3`.
## Client-initiated renegotiation attack mitigation ## Client-initiated renegotiation attack mitigation
@ -573,4 +581,5 @@ The numeric representation of the remote port. For example, `443`.
[Stream]: stream.html#stream_stream [Stream]: stream.html#stream_stream
[SSL_METHODS]: http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_PROTOCOL_METHODS [SSL_METHODS]: http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_PROTOCOL_METHODS
[tls.Server]: #tls_class_tls_server [tls.Server]: #tls_class_tls_server
[SSL_CTX_set_options]: https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html [SSL_CTX_set_options]: https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
[CVE-2014-3566]: https://access.redhat.com/articles/1232123