@@ -25,8 +25,10 @@ To create a self-signed certificate with the CSR, do this:
2525
2626Alternatively you can send the CSR to a Certificate Authority for signing.
2727
28- (TODO: docs on creating a CA, for now interested users should just look at
29- ` test/fixtures/keys/Makefile ` in the Node source code)
28+ For Perfect Forward Secrecy, it is required to generate Diffie-Hellman
29+ parameters:
30+
31+ openssl dhparam -outform PEM -out dhparam.pem 2048
3032
3133To create .pfx or .p12, do this:
3234
@@ -136,31 +138,20 @@ automatically set as a listener for the [secureConnection][] event. The
136138 - ` crl ` : Either a string or list of strings of PEM encoded CRLs (Certificate
137139 Revocation List)
138140
139- - ` ciphers ` : A string describing the ciphers to use or exclude.
140-
141- To mitigate [ BEAST attacks] it is recommended that you use this option in
142- conjunction with the ` honorCipherOrder ` option described below to
143- prioritize the non-CBC cipher.
144-
145- Defaults to
146- ` ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL ` .
147- Consult the [ OpenSSL cipher list format documentation] for details
148- on the format.
141+ - ` ciphers ` : A string describing the ciphers to use or exclude, seperated by
142+ ` : ` . The default cipher suite is:
149143
150- ` ECDHE-RSA-AES128-SHA256 ` , ` DHE-RSA-AES128-SHA256 ` and
151- ` AES128-GCM-SHA256 ` are TLS v1.2 ciphers and used when io.js is
152- linked against OpenSSL 1.0.1 or newer, such as the bundled version
153- of OpenSSL. Note that it is still possible for a TLS v1.2 client
154- to negotiate a weaker cipher unless ` honorCipherOrder ` is enabled.
144+ ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:
145+ DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:
146+ HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA
155147
156- ` RC4 ` is used as a fallback for clients that speak on older version of
157- the TLS protocol. ` RC4 ` has in recent years come under suspicion and
158- should be considered compromised for anything that is truly sensitive.
159- It is speculated that state-level actors possess the ability to break it.
160-
161- ** NOTE** : Previous revisions of this section suggested ` AES256-SHA ` as an
162- acceptable cipher. Unfortunately, ` AES256-SHA ` is a CBC cipher and therefore
163- susceptible to [ BEAST attacks] . Do * not* use it.
148+ The default cipher suite prefers ECDHE and DHE ciphers for Perfect Forward
149+ secrecy, while offering * some* backward compatibiltity. Old clients which
150+ rely on insecure and deprecated RC4 or DES-based ciphers (like Internet
151+ Explorer 6) aren't able to complete the handshake with the default
152+ configuration. If you absolutely must support these clients, the
153+ [ TLS recommendations] may offer a compatible cipher suite. For more details
154+ on the format, see the [ OpenSSL cipher list format documentation] .
164155
165156 - ` ecdhCurve ` : A string describing a named curve to use for ECDH key agreement
166157 or false to disable ECDH.
@@ -178,11 +169,7 @@ automatically set as a listener for the [secureConnection][] event. The
178169 times out.
179170
180171 - ` honorCipherOrder ` : When choosing a cipher, use the server's preferences
181- instead of the client preferences.
182-
183- Although, this option is disabled by default, it is * recommended* that you
184- use this option in conjunction with the ` ciphers ` option to mitigate
185- BEAST attacks.
172+ instead of the client preferences. Default: ` true ` .
186173
187174 - ` requestCert ` : If ` true ` the server will request a certificate from
188175 clients that connect and attempt to verify that certificate. Default:
@@ -812,3 +799,4 @@ The numeric representation of the local port.
812799[ ECDHE ] : https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
813800[ asn1.js ] : http://npmjs.org/package/asn1.js
814801[ OCSP request ] : http://en.wikipedia.org/wiki/OCSP_stapling
802+ [ TLS recommendations ] : https://wiki.mozilla.org/Security/Server_Side_TLS
0 commit comments