diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index e79ebadd062..57d1db9a199 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -142,14 +142,16 @@ automatically set as a listener for the [secureConnection][] event. The conjunction with the `honorCipherOrder` option described below to prioritize the non-CBC cipher. - Defaults to `ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH`. - Consult the [OpenSSL cipher list format documentation] for details on the - format. - - `ECDHE-RSA-AES128-SHA256` and `AES128-GCM-SHA256` are TLS v1.2 ciphers and - used when node.js is linked against OpenSSL 1.0.1 or newer, such as the - bundled version of OpenSSL. Note that it is still possible for a TLS v1.2 - client to negotiate a weaker cipher unless `honorCipherOrder` is enabled. + Defaults to + `ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL`. + Consult the [OpenSSL cipher list format documentation] for details + on the format. + + `ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and + `AES128-GCM-SHA256` are TLS v1.2 ciphers and used when node.js is + linked against OpenSSL 1.0.1 or newer, such as the bundled version + of OpenSSL. Note that it is still possible for a TLS v1.2 client + to negotiate a weaker cipher unless `honorCipherOrder` is enabled. `RC4` is used as a fallback for clients that speak on older version of the TLS protocol. `RC4` has in recent years come under suspicion and diff --git a/lib/tls.js b/lib/tls.js index c47d17f42e2..eff5d313e9f 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -33,8 +33,10 @@ exports.CLIENT_RENEG_WINDOW = 600; exports.SLAB_BUFFER_SIZE = 10 * 1024 * 1024; exports.DEFAULT_CIPHERS = - 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:' + // TLS 1.2 - 'RC4:HIGH:!MD5:!aNULL:!EDH'; // TLS 1.0 + // TLS 1.2 + 'ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:' + + // TLS 1.0 + 'RC4:HIGH:!MD5:!aNULL'; exports.DEFAULT_ECDH_CURVE = 'prime256v1';