Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: deprecate modp1, modp2, and modp5 groups #44588

Merged
merged 1 commit into from
Sep 12, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 8 additions & 3 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -1185,15 +1185,20 @@ const dh = createDiffieHellmanGroup('modp16');

The following groups are supported:

* `'modp1'` (768 bits, [RFC 2409][] Section 6.1)
* `'modp2'` (1024 bits, [RFC 2409][] Section 6.2)
* `'modp5'` (1536 bits, [RFC 3526][] Section 2)
* `'modp14'` (2048 bits, [RFC 3526][] Section 3)
* `'modp15'` (3072 bits, [RFC 3526][] Section 4)
* `'modp16'` (4096 bits, [RFC 3526][] Section 5)
* `'modp17'` (6144 bits, [RFC 3526][] Section 6)
* `'modp18'` (8192 bits, [RFC 3526][] Section 7)

The following groups are still supported but deprecated (see [Caveats][]):

* `'modp1'` (768 bits, [RFC 2409][] Section 6.1) <span class="deprecated-inline"></span>
* `'modp2'` (1024 bits, [RFC 2409][] Section 6.2) <span class="deprecated-inline"></span>
* `'modp5'` (1536 bits, [RFC 3526][] Section 2) <span class="deprecated-inline"></span>

These deprecated groups might be removed in future versions of Node.js.

## Class: `ECDH`

<!-- YAML
Expand Down
19 changes: 19 additions & 0 deletions doc/api/deprecations.md
Original file line number Diff line number Diff line change
Expand Up @@ -3214,9 +3214,28 @@ Package imports and exports targets mapping into paths including a double slash
error in a future release. This same deprecation also applies to pattern matches
starting or ending in a slash.

### DEP0167: Weak `DiffieHellmanGroup` instances (`modp1`, `modp2`, `modp5`)

<!-- YAML
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/44588
description: Documentation-only deprecation.
-->

Type: Documentation-only

The well-known MODP groups `modp1`, `modp2`, and `modp5` are deprecated because
they are not secure against practical attacks. See [RFC 8247 Section 2.4][] for
details.

These groups might be removed in future versions of Node.js. Applications that
rely on these groups should evaluate using stronger MODP groups instead.

[Legacy URL API]: url.md#legacy-url-api
[NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
[RFC 6066]: https://tools.ietf.org/html/rfc6066#section-3
[RFC 8247 Section 2.4]: https://www.rfc-editor.org/rfc/rfc8247#section-2.4
[WHATWG URL API]: url.md#the-whatwg-url-api
[`"exports"` or `"main"` entry]: packages.md#main-entry-point-export
[`--pending-deprecation`]: cli.md#--pending-deprecation
Expand Down
3 changes: 2 additions & 1 deletion doc/api_assets/style.css
Original file line number Diff line number Diff line change
Expand Up @@ -598,7 +598,8 @@ hr {
padding-left: 5rem;
}

#toc .stability_0::after {
#toc .stability_0::after,
.deprecated-inline::after {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Holding off on approving until I have a chance to look at the impact of this change. If it affects other things than what's in this PR, a before/after screenshot might be helpful.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The added CSS selector only applies to the new <span class="deprecated-inline"></span>.

Light mode

screenshot of the new deprecated-inline CSS class

Dark mode

screenshot of the new deprecated-inline CSS class in dark mode

(The same rule already applies to deprecated items in the TOC.)

background-color: var(--red2);
color: var(--white);
content: "deprecated";
Expand Down