doc: remove SSLv2 descriptions
Doc descriptions related to SSLv2 are no longer needed.

Fixes: #5529
PR-URL: #5541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Shigeki Ohtsu authored and rvagg committed Mar 3, 2016
1 parent 1ab6653 commit ce58c2c
Showing 2 changed files with 7 additions and 12 deletions.
16 changes: 7 additions & 9 deletions doc/api/tls.markdown
Expand Up @@ -40,24 +40,22 @@ To create .pfx or .p12, do this:

## Protocol support

Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
Node.js is compiled with SSLv3 protocol support by default, but these
protocols are **disabled**. They are considered insecure and could be easily
compromised as was shown by [CVE-2014-3566][]. However, in some situations, it
may cause problems with legacy clients/servers (such as Internet Explorer 6).
If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or
`--enable-ssl3` flag respectively. In future versions of Node.js SSLv2 and
SSLv3 will not be compiled in by default.
If you wish to enable SSLv3, run node with the `--enable-ssl3` flag. In future
versions of Node.js SSLv3 will not be compiled in by default.

There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`.
There is a way to force node into using SSLv3 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'`.

The default protocol method Node.js uses is `SSLv23_method` which would be more
accurately named `AutoNegotiate_method`. This method will try and negotiate
from the highest level down to whatever the client supports. To provide a
secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
and SSLv2 by setting the `secureOptions` to be
`SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed
`--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`).
by setting the `secureOptions` to be `SSL_OP_NO_SSLv3` (again, unless you have
passed `--enable-ssl3`, or `SSLv3_method` as `secureProtocol`).

If you have set `secureOptions` to anything, we will not override your
options.
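
Review bot: In the first paragraph of "Protocol support", the new sentence names only SSLv3, but the unchanged continuation still reads "these protocols are **disabled**. They are considered insecure", which no longer agrees with a single protocol. Suggest rewording that context line to "but this protocol is **disabled**. It is considered insecure and could be easily compromised" so the paragraph is consistent after the SSLv2 removal.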
3 changes: 0 additions & 3 deletions doc/node.1
Expand Up @@ -62,9 +62,6 @@ and servers.

--max-stack-size=val set max v8 stack size (bytes)

--enable-ssl2 enable ssl2 in crypto, tls, and https
modules

--enable-ssl3 enable ssl3 in crypto, tls, and https
modules
