Skip to content

Commit

Permalink
doc: link and expand --tls-cipher-list docs
Browse files Browse the repository at this point in the history
Link to the cli docs for --tls-cipher-list, and link to and mention that
NODE_OPTIONS can also be used.

PR-URL: #25174
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Vse Mozhet Byt <[email protected]>
  • Loading branch information
sam-github authored and targos committed Jan 1, 2019
1 parent 88e7386 commit 3af173d
Showing 1 changed file with 10 additions and 4 deletions.
14 changes: 10 additions & 4 deletions doc/api/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -169,12 +169,16 @@ HIGH:
!CAMELLIA
```

This default can be replaced entirely using the `--tls-cipher-list` command
line switch. For instance, the following makes
`ECDHE-RSA-AES128-GCM-SHA256:!RC4` the default TLS cipher suite:
This default can be replaced entirely using the [`--tls-cipher-list`][] command line
switch (directly, or via the [`NODE_OPTIONS`][] environment variable). For
instance, the following makes `ECDHE-RSA-AES128-GCM-SHA256:!RC4` the default
TLS cipher suite:

```sh
node --tls-cipher-list="ECDHE-RSA-AES128-GCM-SHA256:!RC4"
node --tls-cipher-list="ECDHE-RSA-AES128-GCM-SHA256:!RC4" server.js

export NODE_OPTIONS=--tls-cipher-list="ECDHE-RSA-AES128-GCM-SHA256:!RC4"
node server.js
```

The default can also be replaced on a per client or server basis using the
Expand Down Expand Up @@ -1412,6 +1416,8 @@ where `secureSocket` has the same API as `pair.cleartext`.

[`'secureConnect'`]: #tls_event_secureconnect
[`'secureConnection'`]: #tls_event_secureconnection
[`--tls-cipher-list`]: cli.html#cli_tls_cipher_list_list
[`NODE_OPTIONS`]: cli.html#cli_node_options_options
[`SSL_CTX_set_timeout`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_timeout.html
[`crypto.getCurves()`]: crypto.html#crypto_crypto_getcurves
[`dns.lookup()`]: dns.html#dns_dns_lookup_hostname_options_callback
Expand Down

0 comments on commit 3af173d

Please sign in to comment.