diff --git a/doc/api/tls.md b/doc/api/tls.md index 4274c36d20d..bba044a36d4 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1164,8 +1164,7 @@ added: v0.11.13 --> The default curve name to use for ECDH key agreement in a tls server. The -default value is `'prime256v1'` (NIST P-256). Consult [RFC 4492] and -[FIPS.186-4] for more details. +default value is `'auto'`. See [`tls.createSecureContext()`] for further information. ## Deprecated APIs @@ -1296,13 +1295,11 @@ where `secure_socket` has the same API as `pair.cleartext`. [Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites [DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange [ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman -[FIPS.186-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf [Forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy [OCSP request]: https://en.wikipedia.org/wiki/OCSP_stapling [OpenSSL Options]: crypto.html#crypto_openssl_options [OpenSSL cipher list format documentation]: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT [Perfect Forward Secrecy]: #tls_perfect_forward_secrecy -[RFC 4492]: https://www.rfc-editor.org/rfc/rfc4492.txt [SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_timeout.html [SSL_METHODS]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS [Stream]: stream.html#stream_stream diff --git a/lib/tls.js b/lib/tls.js index a82535df618..5b20cade2e3 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -45,7 +45,7 @@ exports.SLAB_BUFFER_SIZE = 10 * 1024 * 1024; exports.DEFAULT_CIPHERS = process.binding('constants').crypto.defaultCipherList; -exports.DEFAULT_ECDH_CURVE = 'prime256v1'; +exports.DEFAULT_ECDH_CURVE = 'auto'; exports.getCiphers = internalUtil.cachedResult( () => internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true) diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/parallel/test-tls-client-getephemeralkeyinfo.js index fcb93aa3b6f..d62e1ac0e17 100644 --- a/test/parallel/test-tls-client-getephemeralkeyinfo.js +++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js @@ -80,7 +80,7 @@ function testDHE2048() { } function testECDHE256() { - test(256, 'ECDH', tls.DEFAULT_ECDH_CURVE, testECDHE512); + test(256, 'ECDH', 'prime256v1', testECDHE512); ntests++; }