@@ -40,24 +40,22 @@ To create .pfx or .p12, do this:
4040
4141## Protocol support
4242
43- Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
43+ Node.js is compiled with SSLv3 protocol support by default, but these
4444protocols are ** disabled** . They are considered insecure and could be easily
4545compromised as was shown by [ CVE-2014 -3566] [ ] . However, in some situations, it
4646may cause problems with legacy clients/servers (such as Internet Explorer 6).
47- If you wish to enable SSLv2 or SSLv3, run node with the ` --enable-ssl2 ` or
48- ` --enable-ssl3 ` flag respectively. In future versions of Node.js SSLv2 and
49- SSLv3 will not be compiled in by default.
47+ If you wish to enable SSLv3, run node with the ` --enable-ssl3 ` flag. In future
48+ versions of Node.js SSLv3 will not be compiled in by default.
5049
51- There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
52- specifying ` secureProtocol ` to ` 'SSLv3_method' ` or ` 'SSLv2_method' ` .
50+ There is a way to force node into using SSLv3 only mode by explicitly
51+ specifying ` secureProtocol ` to ` 'SSLv3_method' ` .
5352
5453The default protocol method Node.js uses is ` SSLv23_method ` which would be more
5554accurately named ` AutoNegotiate_method ` . This method will try and negotiate
5655from the highest level down to whatever the client supports. To provide a
5756secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
58- and SSLv2 by setting the ` secureOptions ` to be
59- ` SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2 ` (again, unless you have passed
60- ` --enable-ssl3 ` , or ` --enable-ssl2 ` , or ` SSLv3_method ` as ` secureProtocol ` ).
57+ by setting the ` secureOptions ` to be ` SSL_OP_NO_SSLv3 ` (again, unless you have
58+ passed ` --enable-ssl3 ` , or ` SSLv3_method ` as ` secureProtocol ` ).
6159
6260If you have set ` secureOptions ` to anything, we will not override your
6361options.
0 commit comments