doc: add tls.DEFAULT_ECDH_CURVE #10264
The default curve name to use for ECDH key agreement. The default value is | ||
`'prime256v1'` (NIST P-256). Consult [RFC 4492] for more details. | ||
|
||
|
nit: extra space
LGTM if you drop the extra blank line.
@@ -1076,6 +1076,12 @@ For example: | |||
console.log(tls.getCiphers()); // ['AES128-SHA', 'AES256-SHA', ...] | |||
``` | |||
|
|||
## tls.DEFAULT_ECDH_CURVE | |||
|
|||
The default curve name to use for ECDH key agreement. The default value is |
This is only effective on the key agreement on a tls server. I think that "for ECDH key agreement in a tls server." is better.
## tls.DEFAULT_ECDH_CURVE | ||
|
||
The default curve name to use for ECDH key agreement. The default value is | ||
`'prime256v1'` (NIST P-256). Consult [RFC 4492] for more details. |
RFC4492 seems to be old but the current RFC4492bis is under LastCall and not finished yet. The reference of prime256v1/NIST P-256 in RFC4492 is outdated so I think it is better also to add the latest FIPS reference of FIPS.186-4 for NIST P-256. The reference link is also missing.
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -1078,9 +1078,9 @@ console.log(tls.getCiphers()); // ['AES128-SHA', 'AES256-SHA', ...]
## tls.DEFAULT_ECDH_CURVE
-The default curve name to use for ECDH key agreement. The default value is
-`'prime256v1'` (NIST P-256). Consult [RFC 4492] for more details.
-
+The default curve name to use for ECDH key agreement in a tls
+server. The default value is `'prime256v1'` (NIST P-256). Consult [RFC
+4492] and [FIPS.186-4] for more details.
## Deprecated APIs
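Review bot: the added sentence writes "tls server" in lower case where the protocol name should read "TLS server", and the link label is wrapped across two lines as `[RFC` / `4492]`. Keep `[RFC 4492]` on a single line so the reference is easy to grep and does not depend on how a renderer normalises whitespace inside labels. The hunk also removes a blank line at the end of the old paragraph; confirm that one blank line still separates the new paragraph from `## Deprecated APIs`.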
@@ -1219,3 +1219,5 @@ where `secure_socket` has the same API as `pair.cleartext`.
[`tls.TLSSocket.getPeerCertificate()`]: #tls_tlssocket_getpeercertificate_detailed
[`tls.createSecureContext()`]: #tls_tls_createsecurecontext_options
[`tls.connect()`]: #tls_tls_connect_options_callback
+[RFC 4492]: https://www.rfc-editor.org/rfc/rfc4492.txt
+[FIPS.186-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
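Review bot: the new `[FIPS.186-4]` definition uses an `http://` URL while the `[RFC 4492]` definition added on the line above uses `https://`. If the NIST host serves the PDF over HTTPS, link to that form so readers fetch the standard over an authenticated channel and the two references are consistent.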
A user can change the default curve for ECDH key agreement by using tls.DEFAULT_ECDH_CURVE.
12e36b1 to 3b6f83a
@shigeki PTAL, I used your text verbatim, thanks.
LGTM.
@sam-github Please rebase the commits in your name not mine.
A user can change the default curve for ECDH key agreement by using tls.DEFAULT_ECDH_CURVE.

PR-URL: #10264
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Italo A. Casas <me@italoacasas.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

Landed in 97ab4b2
Thanks @jasnell and thanks for rewriting author.
@sam-github does this apply to the v4 and v6 implementation? If so feel free to backport
@MylesBorins this lands clean on v6.x, but isn't in v6.x-staging yet, is there some problem with it?
It's too much energy to backport docs to 4.x. Lands clean on 6.x.
Checklist
Affected core subsystem(s)
doc
Description of change
A user can change the default curve for ECDH key agreement by
using tls.DEFAULT_ECDH_CURVE.
From #1495 (comment), forward-port 02a51cf to master.
/to @shigeki