doc: fix API descriptions for OpenSSL-1.1.0

Fixes: #4270 PR-URL: #19794 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
nodejs · Apr 9, 2018 · ae096ba · ae096ba
1 parent 970ce14
commit ae096ba
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 22 deletions.
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
@@ -2132,16 +2132,20 @@ is a bit field taking one of or a mix of the following flags (defined in
 * `crypto.constants.ENGINE_METHOD_DSA`
 * `crypto.constants.ENGINE_METHOD_DH`
 * `crypto.constants.ENGINE_METHOD_RAND`
-* `crypto.constants.ENGINE_METHOD_ECDH`
-* `crypto.constants.ENGINE_METHOD_ECDSA`
+* `crypto.constants.ENGINE_METHOD_EC`
 * `crypto.constants.ENGINE_METHOD_CIPHERS`
 * `crypto.constants.ENGINE_METHOD_DIGESTS`
-* `crypto.constants.ENGINE_METHOD_STORE`
 * `crypto.constants.ENGINE_METHOD_PKEY_METHS`
 * `crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS`
 * `crypto.constants.ENGINE_METHOD_ALL`
 * `crypto.constants.ENGINE_METHOD_NONE`
 
+The flags below are deprecated in OpenSSL-1.1.0.
+
+* `crypto.constants.ENGINE_METHOD_ECDH`
+* `crypto.constants.ENGINE_METHOD_ECDSA`
+* `crypto.constants.ENGINE_METHOD_STORE`
+
 ### crypto.setFips(bool)
 <!-- YAML
 added: REPLACEME
@@ -2472,12 +2476,8 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
     <td>Limit engine usage to RAND</td>
   </tr>
   <tr>
-    <td><code>ENGINE_METHOD_ECDH</code></td>
-    <td>Limit engine usage to ECDH</td>
-  </tr>
-  <tr>
-    <td><code>ENGINE_METHOD_ECDSA</code></td>
-    <td>Limit engine usage to ECDSA</td>
+    <td><code>ENGINE_METHOD_EC</code></td>
+    <td>Limit engine usage to EC</td>
   </tr>
   <tr>
     <td><code>ENGINE_METHOD_CIPHERS</code></td>
@@ -2487,10 +2487,6 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
     <td><code>ENGINE_METHOD_DIGESTS</code></td>
     <td>Limit engine usage to DIGESTS</td>
   </tr>
-  <tr>
-    <td><code>ENGINE_METHOD_STORE</code></td>
-    <td>Limit engine usage to STORE</td>
-  </tr>
   <tr>
     <td><code>ENGINE_METHOD_PKEY_METHS</code></td>
     <td>Limit engine usage to PKEY_METHDS</td>
@@ -2609,7 +2605,7 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
 
 
 [`Buffer`]: buffer.html
-[`EVP_BytesToKey`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_BytesToKey.html
+[`EVP_BytesToKey`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_BytesToKey.html
 [`UV_THREADPOOL_SIZE`]: cli.html#cli_uv_threadpool_size_size
 [`cipher.final()`]: #crypto_cipher_final_outputencoding
 [`cipher.update()`]: #crypto_cipher_update_data_inputencoding_outputencoding
@@ -2655,7 +2651,7 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
 [NIST SP 800-132]: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf
 [NIST SP 800-38D]: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
 [Nonce-Disrespecting Adversaries]: https://github.com/nonce-disrespect/nonce-disrespect
-[OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/man1.0.2/apps/spkac.html
+[OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/man1.1.0/apps/openssl-spkac.html
 [RFC 2412]: https://www.rfc-editor.org/rfc/rfc2412.txt
 [RFC 3526]: https://www.rfc-editor.org/rfc/rfc3526.txt
 [RFC 3610]: https://www.rfc-editor.org/rfc/rfc3610.txt

diff --git a/doc/api/tls.md b/doc/api/tls.md
@@ -557,7 +557,7 @@ field which always contains the value `'TLSv1/SSLv3'`.
 For example: `{ name: 'AES256-SHA', version: 'TLSv1/SSLv3' }`
 
 See `SSL_CIPHER_get_name()` in
-https://www.openssl.org/docs/man1.0.2/ssl/SSL_CIPHER_get_name.html for more
+https://www.openssl.org/docs/man1.1.0/ssl/SSL_CIPHER_get_name.html for more
 information.
 
 ### tlsSocket.getEphemeralKeyInfo()
@@ -671,7 +671,7 @@ Example responses include:
 * `TLSv1.2`
 * `unknown`
 
-See https://www.openssl.org/docs/man1.0.2/ssl/SSL_get_version.html for more
+See https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_version.html for more
 information.
 
 ### tlsSocket.getSession()
@@ -1071,8 +1071,8 @@ changes:
     [OpenSSL Options][].
   * `secureProtocol` {string} Optional SSL method to use. The possible values
     are listed as [SSL_METHODS][], use the function names as strings.
-    For example, `'SSLv3_method'` to force SSL version 3. **Default:**
-    `'SSLv23_method'`.
+    For example, `'TLSv1_2_method'` to force TLS version 1.2. **Default:**
+    `'TLS_method'`.
   * `sessionIdContext` {string} Optional opaque identifier used by servers to
     ensure session state is not shared between applications. Unused by clients.
 
@@ -1364,10 +1364,10 @@ where `secure_socket` has the same API as `pair.cleartext`.
 [Forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy
 [OCSP request]: https://en.wikipedia.org/wiki/OCSP_stapling
 [OpenSSL Options]: crypto.html#crypto_openssl_options
-[OpenSSL cipher list format documentation]: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT
+[OpenSSL cipher list format documentation]: https://www.openssl.org/docs/man1.1.0/apps/ciphers.html#CIPHER-LIST-FORMAT
 [Perfect Forward Secrecy]: #tls_perfect_forward_secrecy
-[SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_timeout.html
-[SSL_METHODS]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS
+[SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_timeout.html
+[SSL_METHODS]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html#Dealing-with-Protocol-Methods
 [Stream]: stream.html#stream_stream
 [TLS Session Tickets]: https://www.ietf.org/rfc/rfc5077.txt
 [TLS recommendations]: https://wiki.mozilla.org/Security/Server_Side_TLS