From ced4cf7aa004058418d7dc64de9b883f532054b8 Mon Sep 17 00:00:00 2001 From: cjihrig Date: Sat, 10 Nov 2018 15:59:58 -0500 Subject: [PATCH] doc: document NODE_TLS_REJECT_UNAUTHORIZED This commit documents the NODE_TLS_REJECT_UNAUTHORIZED environment variable so that the world can know how potentially dangerous it is. PR-URL: https://github.com/nodejs/node/pull/24289 Fixes: https://github.com/nodejs/node/issues/24284 Reviewed-By: Vse Mozhet Byt Reviewed-By: James M Snell Reviewed-By: Luigi Pinca Reviewed-By: Ruben Bridgewater Reviewed-By: Trivikram Kamat --- doc/api/cli.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/api/cli.md b/doc/api/cli.md index 723e849d4e467f..209f8bf05a5235 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -681,6 +681,12 @@ Path to the file used to store the persistent REPL history. The default path is `~/.node_repl_history`, which is overridden by this variable. Setting the value to an empty string (`''` or `' '`) disables persistent REPL history. +### `NODE_TLS_REJECT_UNAUTHORIZED=value` + +If `value` equals `'0'`, certificate validation is disabled for TLS connections. +This makes TLS, and HTTPS by extension, insecure. The use of this environment +variable is strongly discouraged. + ### `NODE_V8_COVERAGE=dir` When set, Node.js will begin outputting [V8 JavaScript code coverage][] to the