doc: add tls.DEFAULT_ECDH_CURVE #10264
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
doc
silverwind
approved these changes
Dec 15, 2016
italoacasas
reviewed
Dec 16, 2016
| The default curve name to use for ECDH key agreement. The default value is | ||
| `'prime256v1'` (NIST P-256). Consult [RFC 4492] for more details. | ||
|
|
||
|
|
italoacasas
approved these changes
Dec 16, 2016
bnoordhuis
approved these changes
Dec 16, 2016
shigeki
suggested changes
Dec 16, 2016
| @@ -1076,6 +1076,12 @@ For example: | |||
| console.log(tls.getCiphers()); // ['AES128-SHA', 'AES256-SHA', ...] | |||
| ``` | |||
|
|
|||
| ## tls.DEFAULT_ECDH_CURVE | |||
|
|
|||
| The default curve name to use for ECDH key agreement. The default value is | |||
There was a problem hiding this comment.
This is only effective on the key agreement on a tls server. I think that for ECDH key agreement in a tls server. is better.
| ## tls.DEFAULT_ECDH_CURVE | ||
|
|
||
| The default curve name to use for ECDH key agreement. The default value is | ||
| `'prime256v1'` (NIST P-256). Consult [RFC 4492] for more details. |
There was a problem hiding this comment.
RFC4492 seems to be old but the current RFC4492bis is under LastCall and not finished yet. The reference of prime256v1/NIST P-256 in RF4492 is outdated so I think it is better also to add the latest FIPS reference of FIPS.186-4 for NIST P-256. The reference link is also missed.
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -1078,9 +1078,9 @@ console.log(tls.getCiphers()); // ['AES128-SHA', 'AES256-SHA', ...]
## tls.DEFAULT_ECDH_CURVE
-The default curve name to use for ECDH key agreement. The default value is
-`'prime256v1'` (NIST P-256). Consult [RFC 4492] for more details.
-
+The default curve name to use for ECDH key agreement in a tls
+server. The default value is `'prime256v1'` (NIST P-256). Consult [RFC
+4492] and [FIPS.186-4] for more details.
## Deprecated APIs
@@ -1219,3 +1219,5 @@ where `secure_socket` has the same API as `pair.cleartext`.
[`tls.TLSSocket.getPeerCertificate()`]: #tls_tlssocket_getpeercertificate_detailed
[`tls.createSecureContext()`]: #tls_tls_createsecurecontext_options
[`tls.connect()`]: #tls_tls_connect_options_callback
+[RFC 4492]: https://www.rfc-editor.org/rfc/rfc4492.txt
+[FIPS.186-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
A user can change the default curve for ECDH key agreement by using tls.DEFAULT_ECDH_CURVE.
sam-github
force-pushed
the
doc-default-ecdh-curve
branch
from
12e36b1
to
3b6f83a
Compare
|
@shigeki PTAL, I used your text verbatim, thanks. |
jasnell
approved these changes
Dec 23, 2016
shigeki
approved these changes
Dec 26, 2016
There was a problem hiding this comment.
LGTM.
@sam-github Please rebase the commits in your name not mine.
jasnell
pushed a commit
that referenced
this pull request
Dec 27, 2016
A user can change the default curve for ECDH key agreement by using tls.DEFAULT_ECDH_CURVE. PR-URL: #10264 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Italo A. Casas <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
|
Landed in 97ab4b2 |
|
Thanks @jasnell and thanks for rewriting author. |
evanlucas
pushed a commit
that referenced
this pull request
Jan 3, 2017
A user can change the default curve for ECDH key agreement by using tls.DEFAULT_ECDH_CURVE. PR-URL: #10264 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Italo A. Casas <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
evanlucas
pushed a commit
that referenced
this pull request
Jan 4, 2017
A user can change the default curve for ECDH key agreement by using tls.DEFAULT_ECDH_CURVE. PR-URL: #10264 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Italo A. Casas <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
|
@sam-github does this apply to the v4 and v6 implementation? If so feel free to backport |
sam-github
added a commit
to sam-github/node
that referenced
this pull request
Jan 24, 2017
A user can change the default curve for ECDH key agreement by using tls.DEFAULT_ECDH_CURVE. PR-URL: nodejs#10264 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Italo A. Casas <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
4 tasks
|
@MylesBorins this lands clean on v6.x, but isn't in v6.x-staging yet, is there some problem with it? |
|
Its too much energy to backport docs to 4.x. Lands clean on 6.x. |
MylesBorins
pushed a commit
that referenced
this pull request
Mar 7, 2017
A user can change the default curve for ECDH key agreement by using tls.DEFAULT_ECDH_CURVE. PR-URL: #10264 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Italo A. Casas <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Mar 9, 2017
A user can change the default curve for ECDH key agreement by using tls.DEFAULT_ECDH_CURVE. PR-URL: #10264 Reviewed-By: Roman Reiss <[email protected]> Reviewed-By: Italo A. Casas <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist
Affected core subsystem(s)
doc
Description of change
A user can change the default curve for ECDH key agreement by
using tls.DEFAULT_ECDH_CURVE.
From #1495 (comment), forward-port 02a51cf to master.
/to @shigeki