diff --git a/BUILDING.md b/BUILDING.md
index 7749574a993ee1..2fe919328edd62 100644
--- a/BUILDING.md
+++ b/BUILDING.md
@@ -230,7 +230,7 @@ as `deps/icu` (You'll have: `deps/icu/source/...`)
NOTE: Windows is not yet supported
It is possible to build Node.js with
-[OpenSSL FIPS module](https://www.openssl.org/docs/fips/fipsnotes.html).
+[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html).
**Note**: building in this way does **not** allow you to claim that the
runtime is FIPS 140-2 validated. Instead you can indicate that the runtime
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index 956c1cb891ca1e..0f063157b7160a 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -1633,20 +1633,20 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
SSL_OP_ALL |
Applies multiple bug workarounds within OpenSSL. See
- https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html for
+ https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for
detail. |
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION |
Allows legacy insecure renegotiation between OpenSSL and unpatched
clients or servers. See
- https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html. |
+ https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
SSL_OP_CIPHER_SERVER_PREFERENCE |
Uses the server's preferences instead of the clients when selecting a
cipher. See
- https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html. |
+ https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
SSL_OP_CISCO_ANYCONNECT |
@@ -1949,7 +1949,7 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
[`ecdh.generateKeys()`]: #crypto_ecdh_generatekeys_encoding_format
[`ecdh.setPrivateKey()`]: #crypto_ecdh_setprivatekey_private_key_encoding
[`ecdh.setPublicKey()`]: #crypto_ecdh_setpublickey_public_key_encoding
-[`EVP_BytesToKey`]: https://www.openssl.org/docs/crypto/EVP_BytesToKey.html
+[`EVP_BytesToKey`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_BytesToKey.html
[`hash.digest()`]: #crypto_hash_digest_encoding
[`hash.update()`]: #crypto_hash_update_data_input_encoding
[`hmac.digest()`]: #crypto_hmac_digest_encoding
@@ -1964,8 +1964,8 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
[initialization vector]: https://en.wikipedia.org/wiki/Initialization_vector
[NIST SP 800-131A]: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf
[NIST SP 800-132]: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
-[OpenSSL cipher list format]: https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT
-[OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/apps/spkac.html
+[OpenSSL cipher list format]: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT
+[OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/man1.0.2/apps/spkac.html
[publicly trusted list of CAs]: https://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt
[RFC 2412]: https://www.rfc-editor.org/rfc/rfc2412.txt
[RFC 3526]: https://www.rfc-editor.org/rfc/rfc3526.txt
diff --git a/doc/api/https.md b/doc/api/https.md
index bc0e4114c39761..3af6dedcd914e7 100644
--- a/doc/api/https.md
+++ b/doc/api/https.md
@@ -203,7 +203,7 @@ The following options from [`tls.connect()`][] can also be specified. However, a
certificates in PEM format. If this is omitted several well known "root"
CAs will be used, like VeriSign. These are used to authorize connections.
- `ciphers`: A string describing the ciphers to use or exclude. Consult
- for
+ for
details on the format.
- `rejectUnauthorized`: If `true`, the server certificate is verified against
the list of supplied CAs. An `'error'` event is emitted if verification
@@ -267,7 +267,7 @@ var req = https.request(options, (res) => {
[`http.Server`]: http.html#http_class_http_server
[`https.Agent`]: #https_class_https_agent
[`https.request()`]: #https_https_request_options_callback
-[`SSL_METHODS`]: https://www.openssl.org/docs/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS
+[`SSL_METHODS`]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS
[`tls.connect()`]: tls.html#tls_tls_connect_options_callback
[`tls.createServer()`]: tls.html#tls_tls_createserver_options_secureconnectionlistener
[`url.parse()`]: url.html#url_url_parse_urlstring_parsequerystring_slashesdenotehost
diff --git a/doc/api/tls.md b/doc/api/tls.md
index c7daa8f181820e..6180d91b667e67 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -535,7 +535,7 @@ that first defined the cipher.
For example: `{ name: 'AES256-SHA', version: 'TLSv1/SSLv3' }`
See `SSL_CIPHER_get_name()` and `SSL_CIPHER_get_version()` in
-https://www.openssl.org/docs/manmaster/ssl/SSL_CIPHER_get_name.html for more
+https://www.openssl.org/docs/man1.0.2/ssl/SSL_CIPHER_get_name.html for more
information.
### tlsSocket.getEphemeralKeyInfo()
@@ -611,7 +611,7 @@ Example responses include:
* `TLSv1.2`
* `unknown`
-See https://www.openssl.org/docs/manmaster/ssl/SSL_get_version.html for more
+See https://www.openssl.org/docs/man1.0.2/ssl/SSL_get_version.html for more
information.
### tlsSocket.getSession()
@@ -936,7 +936,7 @@ added: v0.11.13
CRLs (Certificate Revocation List).
* `ciphers` {string} A string describing the ciphers to use or exclude.
Consult
-
+
for details on the format.
* `honorCipherOrder` {boolean} If `true`, when a cipher is being selected,
the server's preferences will be used instead of the client preferences.
@@ -1252,7 +1252,7 @@ secure_socket = tls.TLSSocket(socket, options);
where `secure_socket` has the same API as `pair.cleartext`.
-[OpenSSL cipher list format documentation]: https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT
+[OpenSSL cipher list format documentation]: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT
[Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites
[specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
[`crypto.getCurves()`]: crypto.html#crypto_crypto_getcurves
@@ -1266,9 +1266,9 @@ where `secure_socket` has the same API as `pair.cleartext`.
[`'secureConnection'`]: #tls_event_secureconnection
[Perfect Forward Secrecy]: #tls_perfect_forward_secrecy
[Stream]: stream.html#stream_stream
-[SSL_METHODS]: https://www.openssl.org/docs/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS
+[SSL_METHODS]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS
[tls.Server]: #tls_class_tls_server
-[SSL_CTX_set_timeout]: https://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
+[SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_timeout.html
[Forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy
[DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
[ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman