@@ -1351,20 +1351,13 @@ changes:
1351
1351
* ` maxVersion ` {string} Optionally set the maximum TLS version to allow. One
1352
1352
of ` TLSv1.3 ` , ` TLSv1.2' ` , ` 'TLSv1.1' ` , or ` 'TLSv1' ` . Cannot be specified
1353
1353
along with the ` secureProtocol ` option, use one or the other.
1354
- ** Default:** ` 'TLSv1.2' ` , unless changed using CLI options. Using
1355
- ` --tls-max-v1.2 ` sets the default to ` 'TLSv1.2 ` '. Using ` --tls-max-v1.3 `
1356
- sets the default to ` 'TLSv1.3' ` . If multiple of the options are provided,
1357
- the highest maximum is used.
1354
+ ** Default:** [ ` tls.DEFAULT_MAX_VERSION ` ] [ ] .
1358
1355
* ` minVersion ` {string} Optionally set the minimum TLS version to allow. One
1359
1356
of ` TLSv1.3 ` , ` TLSv1.2' ` , ` 'TLSv1.1' ` , or ` 'TLSv1' ` . Cannot be specified
1360
1357
along with the ` secureProtocol ` option, use one or the other. It is not
1361
1358
recommended to use less than TLSv1.2, but it may be required for
1362
1359
interoperability.
1363
- ** Default:** ` 'TLSv1' ` , unless changed using CLI options. Using
1364
- ` --tls-min-v1.0 ` sets the default to ` 'TLSv1' ` . Using ` --tls-min-v1.1 ` sets
1365
- the default to ` 'TLSv1.1' ` . Using ` --tls-min-v1.3 ` sets the default to
1366
- ` 'TLSv1.3' ` . If multiple of the options are provided, the lowest minimum is
1367
- used.
1360
+ ** Default:** [ ` tls.DEFAULT_MIN_VERSION ` ] [ ] .
1368
1361
* ` passphrase ` {string} Shared passphrase used for a single private key and/or
1369
1362
a PFX.
1370
1363
* ` pfx ` {string|string[ ] |Buffer|Buffer[ ] |Object[ ] } PFX or PKCS12 encoded
@@ -1532,6 +1525,33 @@ The default curve name to use for ECDH key agreement in a tls server. The
1532
1525
default value is ` 'auto' ` . See [ ` tls.createSecureContext() ` ] for further
1533
1526
information.
1534
1527
1528
+ ## tls.DEFAULT_MAX_VERSION
1529
+ <!-- YAML
1530
+ added: v11.4.0
1531
+ -->
1532
+
1533
+ * {string} The default value of the ` maxVersion ` option of
1534
+ [ ` tls.createSecureContext() ` ] [ ] . It can be assigned any of the supported TLS
1535
+ protocol versions, ` TLSv1.3 ` , ` TLSv1.2' ` , ` 'TLSv1.1' ` , or ` 'TLSv1' ` .
1536
+ ** Default:** ` 'TLSv1.2' ` , unless changed using CLI options. Using
1537
+ ` --tls-max-v1.2 ` sets the default to ` 'TLSv1.2 ` '. Using ` --tls-max-v1.3 ` sets
1538
+ the default to ` 'TLSv1.3' ` . If multiple of the options are provided, the
1539
+ highest maximum is used.
1540
+
1541
+ ## tls.DEFAULT_MIN_VERSION
1542
+ <!-- YAML
1543
+ added: v11.4.0
1544
+ -->
1545
+
1546
+ * {string} The default value of the ` minVersion ` option of
1547
+ [ ` tls.createSecureContext() ` ] [ ] . It can be assigned any of the supported TLS
1548
+ protocol versions, ` 'TLSv1.3' ` , ` TLSv1.2' ` , ` 'TLSv1.1' ` , or ` 'TLSv1' ` .
1549
+ ** Default:** ` 'TLSv1' ` , unless changed using CLI options. Using
1550
+ ` --tls-min-v1.0 ` sets the default to ` 'TLSv1' ` . Using ` --tls-min-v1.1 ` sets
1551
+ the default to ` 'TLSv1.1' ` . Using ` --tls-min-v1.3 ` sets the default to
1552
+ ` 'TLSv1.3' ` . If multiple of the options are provided, the lowest minimum is
1553
+ used.
1554
+
1535
1555
## Deprecated APIs
1536
1556
1537
1557
### Class: CryptoStream
@@ -1660,6 +1680,8 @@ where `secureSocket` has the same API as `pair.cleartext`.
1660
1680
[ `server.setTicketKeys()` ] : #tls_server_setticketkeys_keys
1661
1681
[ `socket.setTimeout(timeout)` ] : #net_socket_settimeout_timeout_callback
1662
1682
[ `tls.DEFAULT_ECDH_CURVE` ] : #tls_tls_default_ecdh_curve
1683
+ [ `tls.DEFAULT_MAX_VERSION` ] : #tls_tls_default_max_version
1684
+ [ `tls.DEFAULT_MIN_VERSION` ] : #tls_tls_default_min_version
1663
1685
[ `tls.Server` ] : #tls_class_tls_server
1664
1686
[ `tls.TLSSocket.getPeerCertificate()` ] : #tls_tlssocket_getpeercertificate_detailed
1665
1687
[ `tls.TLSSocket.getSession()` ] : #tls_tlssocket_getsession
0 commit comments