From 9e46666bfb37aff817f3a061b62ab4538be26281 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Sedl=C3=A0=C4=8Dek?= Date: Sun, 3 Feb 2013 12:18:30 +0100 Subject: [PATCH] update TLS doc to reflect absence of ECDHE --- doc/api/tls.markdown | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 28bc05630e66..9f59b24982eb 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -116,6 +116,10 @@ automatically set as a listener for the [secureConnection][] event. The linked against OpenSSL 1.0.1 or newer and the client speaks TLS 1.2, RC4 is used as a secure fallback. + **NOTE**: Cipher suites using ECDHE, including the default + highest-preference suite `ECDHE-RSA-AES128-SHA256`, are not currently + available. + **NOTE**: Previous revisions of this section suggested `AES256-SHA` as an acceptable cipher. Unfortunately, `AES256-SHA` is a CBC cipher and therefore susceptible to BEAST attacks. Do *not* use it.