@@ -909,7 +909,7 @@ automatically set as a listener for the [`'secureConnection'`][] event. The
909909 - ` ecdhCurve` : A string describing a named curve to use for ECDH key agreement
910910 or false to disable ECDH .
911911
912- Defaults to ` prime256v1 ` ( NIST P - 256 ) . Use [` crypto.getCurves()`
912+ Defaults to [ ` tls.DEFAULT_ECDH_CURVE ` ][] . Use [` crypto.getCurves()`
913913 a list of available curve names . On recent releases,
914914 ` openssl ecparam -list_curves` of
915915 each available elliptic curve.
@@ -1049,6 +1049,15 @@ var ciphers = tls.getCiphers();
10491049console .log (ciphers); // ['AES128-SHA', 'AES256-SHA', ...]
10501050```
10511051
1052+ ## tls.DEFAULT_ECDH_CURVE
1053+ <!-- YAML
1054+ added: v0.11.13
1055+ -->
1056+
1057+ The default curve name to use for ECDH key agreement in a tls server. The
1058+ default value is ` 'prime256v1' ` (NIST P-256). Consult [ RFC 4492] and
1059+ [ FIPS.186-4] for more details.
1060+
10521061[ OpenSSL cipher list format documentation ] : https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT
10531062[ Chrome's 'modern cryptography' setting ] : https://www.chromium.org/Home/chromium-security/education/tls#TOC-Deprecation-of-TLS-Features-Algorithms-in-Chrome
10541063[ specific attacks affecting larger AES key sizes ] : https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
@@ -1074,6 +1083,7 @@ console.log(ciphers); // ['AES128-SHA', 'AES256-SHA', ...]
10741083[ OCSP request ] : https://en.wikipedia.org/wiki/OCSP_stapling
10751084[ TLS recommendations ] : https://wiki.mozilla.org/Security/Server_Side_TLS
10761085[ TLS Session Tickets ] : https://www.ietf.org/rfc/rfc5077.txt
1086+ [ `tls.DEFAULT_ECDH_CURVE` ] : #tls_tls_default_ecdh_curve
10771087[ `tls.TLSSocket.getPeerCertificate()` ] : #tls_tlssocket_getpeercertificate_detailed
10781088[ `tls.createSecureContext()` ] : #tls_tls_createsecurecontext_details
10791089[ `tls.connect()` ] : #tls_tls_connect_options_callback
0 commit comments