diff --git a/BUILDING.md b/BUILDING.md index 7749574a993ee1..2fe919328edd62 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -230,7 +230,7 @@ as `deps/icu` (You'll have: `deps/icu/source/...`) NOTE: Windows is not yet supported It is possible to build Node.js with -[OpenSSL FIPS module](https://www.openssl.org/docs/fips/fipsnotes.html). +[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html). **Note**: building in this way does **not** allow you to claim that the runtime is FIPS 140-2 validated. Instead you can indicate that the runtime diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 956c1cb891ca1e..0f063157b7160a 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1633,20 +1633,20 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. SSL_OP_ALL Applies multiple bug workarounds within OpenSSL. See - https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html for + https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See - https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html. + https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. SSL_OP_CIPHER_SERVER_PREFERENCE Uses the server's preferences instead of the clients when selecting a cipher. See - https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html. + https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. SSL_OP_CISCO_ANYCONNECT @@ -1949,7 +1949,7 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. [`ecdh.generateKeys()`]: #crypto_ecdh_generatekeys_encoding_format [`ecdh.setPrivateKey()`]: #crypto_ecdh_setprivatekey_private_key_encoding [`ecdh.setPublicKey()`]: #crypto_ecdh_setpublickey_public_key_encoding -[`EVP_BytesToKey`]: https://www.openssl.org/docs/crypto/EVP_BytesToKey.html +[`EVP_BytesToKey`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_BytesToKey.html [`hash.digest()`]: #crypto_hash_digest_encoding [`hash.update()`]: #crypto_hash_update_data_input_encoding [`hmac.digest()`]: #crypto_hmac_digest_encoding @@ -1964,8 +1964,8 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. [initialization vector]: https://en.wikipedia.org/wiki/Initialization_vector [NIST SP 800-131A]: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf [NIST SP 800-132]: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf -[OpenSSL cipher list format]: https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT -[OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/apps/spkac.html +[OpenSSL cipher list format]: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT +[OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/man1.0.2/apps/spkac.html [publicly trusted list of CAs]: https://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt [RFC 2412]: https://www.rfc-editor.org/rfc/rfc2412.txt [RFC 3526]: https://www.rfc-editor.org/rfc/rfc3526.txt diff --git a/doc/api/https.md b/doc/api/https.md index bc0e4114c39761..3af6dedcd914e7 100644 --- a/doc/api/https.md +++ b/doc/api/https.md @@ -203,7 +203,7 @@ The following options from [`tls.connect()`][] can also be specified. However, a certificates in PEM format. If this is omitted several well known "root" CAs will be used, like VeriSign. These are used to authorize connections. - `ciphers`: A string describing the ciphers to use or exclude. Consult - for + for details on the format. - `rejectUnauthorized`: If `true`, the server certificate is verified against the list of supplied CAs. An `'error'` event is emitted if verification @@ -267,7 +267,7 @@ var req = https.request(options, (res) => { [`http.Server`]: http.html#http_class_http_server [`https.Agent`]: #https_class_https_agent [`https.request()`]: #https_https_request_options_callback -[`SSL_METHODS`]: https://www.openssl.org/docs/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS +[`SSL_METHODS`]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS [`tls.connect()`]: tls.html#tls_tls_connect_options_callback [`tls.createServer()`]: tls.html#tls_tls_createserver_options_secureconnectionlistener [`url.parse()`]: url.html#url_url_parse_urlstring_parsequerystring_slashesdenotehost diff --git a/doc/api/tls.md b/doc/api/tls.md index c7daa8f181820e..6180d91b667e67 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -535,7 +535,7 @@ that first defined the cipher. For example: `{ name: 'AES256-SHA', version: 'TLSv1/SSLv3' }` See `SSL_CIPHER_get_name()` and `SSL_CIPHER_get_version()` in -https://www.openssl.org/docs/manmaster/ssl/SSL_CIPHER_get_name.html for more +https://www.openssl.org/docs/man1.0.2/ssl/SSL_CIPHER_get_name.html for more information. ### tlsSocket.getEphemeralKeyInfo() @@ -611,7 +611,7 @@ Example responses include: * `TLSv1.2` * `unknown` -See https://www.openssl.org/docs/manmaster/ssl/SSL_get_version.html for more +See https://www.openssl.org/docs/man1.0.2/ssl/SSL_get_version.html for more information. ### tlsSocket.getSession() @@ -936,7 +936,7 @@ added: v0.11.13 CRLs (Certificate Revocation List). * `ciphers` {string} A string describing the ciphers to use or exclude. Consult - + for details on the format. * `honorCipherOrder` {boolean} If `true`, when a cipher is being selected, the server's preferences will be used instead of the client preferences. @@ -1252,7 +1252,7 @@ secure_socket = tls.TLSSocket(socket, options); where `secure_socket` has the same API as `pair.cleartext`. -[OpenSSL cipher list format documentation]: https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT +[OpenSSL cipher list format documentation]: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT [Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites [specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html [`crypto.getCurves()`]: crypto.html#crypto_crypto_getcurves @@ -1266,9 +1266,9 @@ where `secure_socket` has the same API as `pair.cleartext`. [`'secureConnection'`]: #tls_event_secureconnection [Perfect Forward Secrecy]: #tls_perfect_forward_secrecy [Stream]: stream.html#stream_stream -[SSL_METHODS]: https://www.openssl.org/docs/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS +[SSL_METHODS]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS [tls.Server]: #tls_class_tls_server -[SSL_CTX_set_timeout]: https://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html +[SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_timeout.html [Forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy [DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange [ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman