From 8b7c057ff161664e62b57622ad26b2072cb8a583 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Fri, 1 Apr 2022 12:35:27 +0200 Subject: [PATCH] doc: guide towards x509.fingerprint256 Recommend using x509.fingerprint256 instead of x509.fingerprint and x509.fingerprint512 and suggest using it instead of x509.serialNumber in order to uniquely identify certificates. PR-URL: https://github.com/nodejs/node/pull/42516 Reviewed-By: Luigi Pinca Reviewed-By: Tierney Cyren --- doc/api/crypto.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 1a9c43504e87ae..76ee8097186436 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -2617,6 +2617,10 @@ added: v15.6.0 The SHA-1 fingerprint of this certificate. +Because SHA-1 is cryptographically broken and because the security of SHA-1 is +significantly worse than that of algorithms that are commonly used to sign +certificates, consider using [`x509.fingerprint256`][] instead. + ### `x509.fingerprint256`