diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index e1166230d719c6..e195c98e322746 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -856,6 +856,12 @@ thrown.
## `crypto` module methods and properties
+## crypto.constants
+
+Returns an object containing commonly used constants for crypto and security
+related operations. The specific constants currently defined are described in
+[Crypto Constants][].
+
### crypto.DEFAULT_ENCODING
The default encoding to use for functions that can take either strings
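Review bot: the new heading on the first added line is at the wrong level: `## crypto.constants` is placed under `## \`crypto\` module methods and properties`, where the sibling entry in the trailing context, `### crypto.DEFAULT_ENCODING`, is a level-3 heading, so the new entry renders as its own top-level section and falls out of the alphabetical list of module members; change it to `### crypto.constants`. The description also reads like a method ("Returns an object containing ...") although this is a property; "An object containing commonly used constants ..." matches how the neighbouring property is described. Finally, the reference-style link `[Crypto Constants][]` needs a matching `[Crypto Constants]: ...` definition in the link block at the end of the file, which is not visible in this diff; please confirm it is added, otherwise the text renders as literal brackets.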
@@ -1205,11 +1211,11 @@ keys:
* `key` : {String} - PEM encoded private key
* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
- * `constants.RSA_NO_PADDING`
- * `constants.RSA_PKCS1_PADDING`
- * `constants.RSA_PKCS1_OAEP_PADDING`
+ * `crypto.constants.RSA_NO_PADDING`
+ * `crypto.constants.RSA_PKCS1_PADDING`
+ * `crypto.constants.RSA_PKCS1_OAEP_PADDING`
-All paddings are defined in the `constants` module.
+All paddings are defined in `crypto.constants`.
### crypto.privateEncrypt(private_key, buffer)
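Review bot: the three-bullet padding list and the sentence "All paddings are defined in `crypto.constants`." are repeated verbatim in this hunk and in the three hunks that follow (privateEncrypt, publicDecrypt, publicEncrypt); consider replacing each copy with a single pointer to the new `[Crypto Constants][]` section so that a future padding constant needs one edit instead of four. For `crypto.privateDecrypt` itself the renamed list of `RSA_NO_PADDING`, `RSA_PKCS1_PADDING` and `RSA_PKCS1_OAEP_PADDING` is correct.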
@@ -1223,11 +1229,11 @@ keys:
* `key` : {String} - PEM encoded private key
* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
- * `constants.RSA_NO_PADDING`
- * `constants.RSA_PKCS1_PADDING`
- * `constants.RSA_PKCS1_OAEP_PADDING`
+ * `crypto.constants.RSA_NO_PADDING`
+ * `crypto.constants.RSA_PKCS1_PADDING`
+ * `crypto.constants.RSA_PKCS1_OAEP_PADDING`
-All paddings are defined in the `constants` module.
+All paddings are defined in `crypto.constants`.
### crypto.publicDecrypt(public_key, buffer)
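Review bot: the added bullet `crypto.constants.RSA_PKCS1_OAEP_PADDING` under `crypto.privateEncrypt` carries over a pre-existing mistake from the privateDecrypt list: OAEP is an encryption-only padding, and OpenSSL's `RSA_private_encrypt`, which this operation maps to, accepts only `RSA_PKCS1_PADDING` and `RSA_NO_PADDING`, so passing OAEP here fails at runtime. Since the list is being rewritten anyway, drop that bullet (and verify against the OpenSSL version Node bundles) rather than propagating it into the renamed form.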
@@ -1241,14 +1247,14 @@ keys:
* `key` : {String} - PEM encoded public key
* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
- * `constants.RSA_NO_PADDING`
- * `constants.RSA_PKCS1_PADDING`
- * `constants.RSA_PKCS1_OAEP_PADDING`
+ * `crypto.constants.RSA_NO_PADDING`
+ * `crypto.constants.RSA_PKCS1_PADDING`
+ * `crypto.constants.RSA_PKCS1_OAEP_PADDING`
Because RSA public keys can be derived from private keys, a private key may
be passed instead of a public key.
-All paddings are defined in the `constants` module.
+All paddings are defined in `crypto.constants`.
### crypto.publicEncrypt(public_key, buffer)
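Review bot: the retained context line `* \`passphrase\` : {String} - Optional passphrase for the private key` under `crypto.publicDecrypt` contradicts `* \`key\` : {String} - PEM encoded public key` two lines above it; the hunk already keeps the sentence stating that a private key may be passed instead of a public key, so reword the bullet to "Optional passphrase, used when a private key is passed instead of a public key". As with privateEncrypt, `RSA_PKCS1_OAEP_PADDING` is not a valid padding for the underlying `RSA_public_decrypt`; the list for this function should be limited to `RSA_NO_PADDING` and `RSA_PKCS1_PADDING`.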
@@ -1262,14 +1268,14 @@ keys:
* `key` : {String} - PEM encoded public key
* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
- * `constants.RSA_NO_PADDING`
- * `constants.RSA_PKCS1_PADDING`
- * `constants.RSA_PKCS1_OAEP_PADDING`
+ * `crypto.constants.RSA_NO_PADDING`
+ * `crypto.constants.RSA_PKCS1_PADDING`
+ * `crypto.constants.RSA_PKCS1_OAEP_PADDING`
Because RSA public keys can be derived from private keys, a private key may
be passed instead of a public key.
-All paddings are defined in the `constants` module.
+All paddings are defined in `crypto.constants`.
### crypto.randomBytes(size[, callback])
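Review bot: the same `passphrase` wording problem as in the publicDecrypt hunk: the context line says "Optional passphrase for the private key" while `key` is documented as a PEM encoded public key; tie the passphrase to the case, stated two lines below, where a private key is passed instead. The three paddings listed for `crypto.publicEncrypt` are all valid for this operation, so the list itself is fine.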
@@ -1313,22 +1319,22 @@ Load and set the `engine` for some or all OpenSSL functions (selected by flags).
`engine` could be either an id or a path to the engine's shared library.
The optional `flags` argument uses `ENGINE_METHOD_ALL` by default. The `flags`
-is a bit field taking one of or a mix of the following flags (defined in the
-`constants` module):
-
-* `ENGINE_METHOD_RSA`
-* `ENGINE_METHOD_DSA`
-* `ENGINE_METHOD_DH`
-* `ENGINE_METHOD_RAND`
-* `ENGINE_METHOD_ECDH`
-* `ENGINE_METHOD_ECDSA`
-* `ENGINE_METHOD_CIPHERS`
-* `ENGINE_METHOD_DIGESTS`
-* `ENGINE_METHOD_STORE`
-* `ENGINE_METHOD_PKEY_METHS`
-* `ENGINE_METHOD_PKEY_ASN1_METHS`
-* `ENGINE_METHOD_ALL`
-* `ENGINE_METHOD_NONE`
+is a bit field taking one of or a mix of the following flags (defined in
+`crypto.constants`):
+
+* `crypto.constants.ENGINE_METHOD_RSA`
+* `crypto.constants.ENGINE_METHOD_DSA`
+* `crypto.constants.ENGINE_METHOD_DH`
+* `crypto.constants.ENGINE_METHOD_RAND`
+* `crypto.constants.ENGINE_METHOD_ECDH`
+* `crypto.constants.ENGINE_METHOD_ECDSA`
+* `crypto.constants.ENGINE_METHOD_CIPHERS`
+* `crypto.constants.ENGINE_METHOD_DIGESTS`
+* `crypto.constants.ENGINE_METHOD_STORE`
+* `crypto.constants.ENGINE_METHOD_PKEY_METHS`
+* `crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS`
+* `crypto.constants.ENGINE_METHOD_ALL`
+* `crypto.constants.ENGINE_METHOD_NONE`
## Notes
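Review bot: the unchanged context line `The optional \`flags\` argument uses \`ENGINE_METHOD_ALL\` by default.` still uses the bare constant name while every bullet below it was renamed to the `crypto.constants.` form; update it to `crypto.constants.ENGINE_METHOD_ALL` so the paragraph is consistent with the list it introduces. Minor: the rewritten sentence "is a bit field taking one of or a mix of the following flags" reads awkwardly; "is a bit field that combines one or more of the following flags with bitwise OR" says what the reader needs, and a clause noting that `ENGINE_METHOD_ALL` and `ENGINE_METHOD_NONE` are meant to be used on their own would remove the obvious follow-up question.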
@@ -1380,6 +1386,316 @@ Based on the recommendations of [NIST SP 800-131A][]:
See the reference for other recommendations and details.
+## Crypto Constants
+
+The following constants exported by `crypto.constants` apply to various uses of
+the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
+
+### OpenSSL Options
+
+
+
+ Constant |
+ Description |
+
+
+ SSL_OP_ALL |
+ Applies multiple bug workarounds within OpenSSL. See
+ https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html for
+ detail. |
+
+
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION |
+ Allows legacy insecure renegotiation between OpenSSL and unpatched
+ clients or servers. See
+ https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html. |
+
+
+ SSL_OP_CIPHER_SERVER_PREFERENCE |
+ Uses the server's preferences instead of the clients when selecting a
+ cipher. See
+ https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html. |
+
+
+ SSL_OP_CISCO_ANYCONNECT |
+ Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. |
+
+
+ SSL_OP_COOKIE_EXCHANGE |
+ Instructs OpenSSL to turn on cookie exchange. |
+
+
+ SSL_OP_CRYPTOPRO_TLSEXT_BUG |
+ Instructs OpenSSL to add server-hello extension from an early version
+ of the cryptopro draft. |
+
+
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
+ Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability
+ workaround added in OpenSSL 0.9.6d. |
+
+
+ SSL_OP_EPHEMERAL_RSA |
+ Instructs OpenSSL to always use the tmp_rsa key when performing RSA
+ operations. |
+
+
+ SSL_OP_LEGACY_SERVER_CONNECT |
+ Allow initial connection to servers that do not support RI. |
+
+
+ SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
+ |
+
+
+ SSL_OP_MICROSOFT_SESS_ID_BUG |
+ |
+
+
+ SSL_OP_MSIE_SSLV2_RSA_PADDING |
+ Instructs OpenSSL to disable the workaround for a man-in-the-middle
+ protocol-version vulnerability in the SSL 2.0 server implementation. |
+
+
+ SSL_OP_NETSCAPE_CA_DN_BUG |
+ |
+
+
+ SSL_OP_NETSCAPE_CHALLENGE_BUG |
+ |
+
+
+ SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG |
+ |
+
+
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG |
+ |
+
+
+ SSL_OP_NO_COMPRESSION |
+ Instructs OpenSSL to disable support for SSL/TLS compression. |
+
+
+ SSL_OP_NO_QUERY_MTU |
+ |
+
+
+ SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
+ Instructs OpenSSL to always start a new session when performing
+ renegotiation. |
+
+
+ SSL_OP_NO_SSLv2 |
+ Instructs OpenSSL to turn off SSL v2 |
+
+
+ SSL_OP_NO_SSLv3 |
+ Instructs OpenSSL to turn off SSL v3 |
+
+
+ SSL_OP_NO_TICKET |
+ Instructs OpenSSL to disable use of RFC4507bis tickets. |
+
+
+ SSL_OP_NO_TLSv1 |
+ Instructs OpenSSL to turn off TLS v1 |
+
+
+ SSL_OP_NO_TLSv1_1 |
+ Instructs OpenSSL to turn off TLS v1.1 |
+
+
+ SSL_OP_NO_TLSv1_2 |
+ Instructs OpenSSL to turn off TLS v1.2 |
+
+ SSL_OP_PKCS1_CHECK_1 |
+ |
+
+
+ SSL_OP_PKCS1_CHECK_2 |
+ |
+
+
+ SSL_OP_SINGLE_DH_USE |
+ Instructs OpenSSL to always create a new key when using
+ temporary/ephemeral DH parameters. |
+
+
+ SSL_OP_SINGLE_ECDH_USE |
+ Instructs OpenSSL to always create a new key when using
+ temporary/ephemeral ECDH parameters. |
+
+ SSL_OP_SSLEAY_080_CLIENT_DH_BUG |
+ |
+
+
+ SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG |
+ |
+
+
+ SSL_OP_TLS_BLOCK_PADDING_BUG |
+ |
+
+
+ SSL_OP_TLS_D5_BUG |
+ |
+
+
+ SSL_OP_TLS_ROLLBACK_BUG |
+ Instructs OpenSSL to disable version rollback attack detection. |
+
+
+
+### OpenSSL Engine Constants
+
+
+
+ Constant |
+ Description |
+
+
+ ENGINE_METHOD_RSA |
+ Limit engine usage to RSA |
+
+
+ ENGINE_METHOD_DSA |
+ Limit engine usage to DSA |
+
+
+ ENGINE_METHOD_DH |
+ Limit engine usage to DH |
+
+
+ ENGINE_METHOD_RAND |
+ Limit engine usage to RAND |
+
+
+ ENGINE_METHOD_ECDH |
+ Limit engine usage to ECDH |
+
+
+ ENGINE_METHOD_ECDSA |
+ Limit engine usage to ECDSA |
+
+
+ ENGINE_METHOD_CIPHERS |
+ Limit engine usage to CIPHERS |
+
+
+ ENGINE_METHOD_DIGESTS |
+ Limit engine usage to DIGESTS |
+
+
+ ENGINE_METHOD_STORE |
+ Limit engine usage to STORE |
+
+
+ ENGINE_METHOD_PKEY_METHS |
+ Limit engine usage to PKEY_METHDS |
+
+
+ ENGINE_METHOD_PKEY_ASN1_METHS |
+ Limit engine usage to PKEY_ASN1_METHS |
+
+
+ ENGINE_METHOD_ALL |
+ |
+
+
+ ENGINE_METHOD_NONE |
+ |
+
+
+
+### Other OpenSSL Constants
+
+
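Review bot: thirteen rows in the OpenSSL Options table ship with an empty Description cell (`SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER`, `SSL_OP_MICROSOFT_SESS_ID_BUG`, the four `SSL_OP_NETSCAPE_*` rows, `SSL_OP_NO_QUERY_MTU`, `SSL_OP_PKCS1_CHECK_1`, `SSL_OP_PKCS1_CHECK_2`, `SSL_OP_SSLEAY_080_CLIENT_DH_BUG`, `SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG`, `SSL_OP_TLS_BLOCK_PADDING_BUG`, `SSL_OP_TLS_D5_BUG`), as do the `ENGINE_METHOD_ALL` and `ENGINE_METHOD_NONE` rows of the Engine table; either give each at least a one-line description (the `SSL_OP_ALL` row already links to SSL_CTX_set_options, so "Legacy bug workaround; see SSL_CTX_set_options" would do for the historical ones, and "Use the engine for all methods" / "Use the engine for no methods" for the two engine rows) or leave the rows out until they are documented, because an empty cell tells a reader nothing about whether the flag is safe to set. Typo in the `ENGINE_METHOD_PKEY_METHS` row: "Limit engine usage to PKEY_METHDS" should read "PKEY_METHS". The `SSL_OP_CISCO_ANYCONNECT` row copies the word "speshul" from the OpenSSL header comment; "Cisco's non-standard version of DTLS_BAD_VER" is what user-facing documentation should say. The `SSL_OP_NO_SSLv2` through `SSL_OP_NO_TLSv1_2` rows lack the trailing period every other row has. Several options in this table are described as disabling a protection or enabling an insecure mode (`SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`, `SSL_OP_LEGACY_SERVER_CONNECT`, `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`, `SSL_OP_MSIE_SSLV2_RSA_PADDING`, `SSL_OP_TLS_ROLLBACK_BUG`); a sentence under the `### OpenSSL Options` heading stating that these exist for interoperability with legacy peers and reduce the security of a connection would help readers who meet them in a `tls` or `https` option list. The `### Other OpenSSL Constants` heading is opened at the end of this hunk but the rest of the section is not present in the view being reviewed, so nothing below it can be checked here.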