Lines Matching +full:enable +full:- +full:weak +full:- +full:ssl +full:- +full:ciphers
3 <!--introduced_in=v0.3.6-->
5 > Stability: 2 - Stable
7 <!-- source_link=lib/crypto.js -->
42 <!-- YAML
44 -->
57 <!-- YAML
59 -->
74 <!-- YAML
76 -->
92 <!-- YAML
94 -->
109 > Stability: 0 - Deprecated
127 <!-- YAML
129 -->
144 <!-- YAML
146 -->
161 <!-- YAML
163 -->
177 <!-- YAML
179 -->
200 const algorithm = 'aes-192-cbc';
234 const algorithm = 'aes-192-cbc';
255 const algorithm = 'aes-192-cbc';
272 <!-- YAML
274 -->
286 <!-- YAML
288 -->
299 <!-- YAML
301 -->
319 <!-- YAML
321 -->
332 Disabling automatic padding is useful for non-standard padding, for instance
339 <!-- YAML
342 - version: v6.0.0
343 pr-url: https://github.com/nodejs/node/pull/5522
345 -->
369 <!-- YAML
371 -->
392 const algorithm = 'aes-192-cbc';
427 const algorithm = 'aes-192-cbc';
447 const algorithm = 'aes-192-cbc';
466 <!-- YAML
468 -->
480 <!-- YAML
483 - version: v7.2.0
484 pr-url: https://github.com/nodejs/node/pull/9398
486 -->
504 <!-- YAML
507 - version: v11.0.0
508 pr-url: https://github.com/nodejs/node/pull/17825
510 - version: v7.2.0
511 pr-url: https://github.com/nodejs/node/pull/9398
513 -->
523 is invalid according to [NIST SP 800-38D][] or does not match the value of the
531 <!-- YAML
533 -->
543 multiple of the ciphers block size.
549 <!-- YAML
552 - version: v6.0.0
553 pr-url: https://github.com/nodejs/node/pull/5522
555 -->
578 <!-- YAML
580 -->
582 The `DiffieHellman` class is a utility for creating Diffie-Hellman key
609 <!-- YAML
611 -->
630 <!-- YAML
632 -->
637 Generates private and public Diffie-Hellman key values, and returns
644 <!-- YAML
646 -->
651 Returns the Diffie-Hellman generator in the specified `encoding`.
656 <!-- YAML
658 -->
663 Returns the Diffie-Hellman prime in the specified `encoding`.
668 <!-- YAML
670 -->
675 Returns the Diffie-Hellman private key in the specified `encoding`.
680 <!-- YAML
682 -->
687 Returns the Diffie-Hellman public key in the specified `encoding`.
692 <!-- YAML
694 -->
699 Sets the Diffie-Hellman private key. If the `encoding` argument is provided,
705 <!-- YAML
707 -->
712 Sets the Diffie-Hellman public key. If the `encoding` argument is provided,
718 <!-- YAML
720 -->
734 <!-- YAML
736 -->
738 The `DiffieHellmanGroup` class takes a well-known modp group as its argument.
751 $ perl -ne 'print "$1\n" if /"(modp\d+)"/' src/node_crypto_groups.h
763 <!-- YAML
765 -->
767 The `ECDH` class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH)
794 <!-- YAML
796 -->
805 Converts the EC Diffie-Hellman public key specified by `key` and `curve` to the
812 On recent OpenSSL releases, `openssl ecparam -list_curves` will also display
842 <!-- YAML
845 - version: v10.0.0
846 pr-url: https://github.com/nodejs/node/pull/16849
849 - version: v6.0.0
850 pr-url: https://github.com/nodejs/node/pull/5522
852 -->
877 <!-- YAML
879 -->
885 Generates private and public EC Diffie-Hellman key values, and returns
897 <!-- YAML
899 -->
902 * Returns: {Buffer | string} The EC Diffie-Hellman in the specified `encoding`.
908 <!-- YAML
910 -->
914 * Returns: {Buffer | string} The EC Diffie-Hellman public key in the specified
925 <!-- YAML
927 -->
932 Sets the EC Diffie-Hellman private key.
942 <!-- YAML
945 -->
947 > Stability: 0 - Deprecated
952 Sets the EC Diffie-Hellman public key.
989 <!-- YAML
991 -->
1051 <!-- YAML
1053 -->
1086 <!-- YAML
1088 -->
1102 <!-- YAML
1105 - version: v6.0.0
1106 pr-url: https://github.com/nodejs/node/pull/5522
1108 -->
1122 <!-- YAML
1124 -->
1184 <!-- YAML
1186 -->
1199 <!-- YAML
1202 - version: v6.0.0
1203 pr-url: https://github.com/nodejs/node/pull/5522
1205 -->
1219 <!-- YAML
1222 - version: v14.5.0
1223 pr-url: https://github.com/nodejs/node/pull/33360
1226 - version: v11.13.0
1227 pr-url: https://github.com/nodejs/node/pull/26438
1229 -->
1246 <!-- YAML
1249 - version: v13.9.0
1250 pr-url: https://github.com/nodejs/node/pull/31178
1252 - version: v12.0.0
1253 pr-url: https://github.com/nodejs/node/pull/26960
1254 description: Added support for `'rsa-pss'`.
1255 - version: v12.0.0
1256 pr-url: https://github.com/nodejs/node/pull/26786
1259 - version: v12.0.0
1260 pr-url: https://github.com/nodejs/node/pull/26774
1262 - version: v12.0.0
1263 pr-url: https://github.com/nodejs/node/pull/26319
1265 -->
1273 * `'rsa-pss'` (OID 1.2.840.113549.1.1.10)
1286 <!-- YAML
1288 -->
1324 encryption mechanism, PEM-level encryption is not supported when encrypting
1329 <!-- YAML
1331 -->
1339 <!-- YAML
1341 -->
1350 <!-- YAML
1352 -->
1411 <!-- YAML
1414 - version:
1415 - v13.2.0
1416 - v12.16.0
1417 pr-url: https://github.com/nodejs/node/pull/29292
1418 description: This function now supports IEEE-P1363 DSA and ECDSA signatures.
1419 - version: v12.0.0
1420 pr-url: https://github.com/nodejs/node/pull/26960
1421 description: This function now supports RSA-PSS keys.
1422 - version: v11.6.0
1423 pr-url: https://github.com/nodejs/node/pull/24234
1425 - version: v8.0.0
1426 pr-url: https://github.com/nodejs/node/pull/11705
1427 description: Support for RSASSA-PSS and additional options was added.
1428 -->
1438 [`sign.update()`][] or [`sign.write()`][stream-writable-write].
1446 * `'der'` (default): DER-encoded ASN.1 signature structure encoding `(r, s)`.
1447 * `'ieee-p1363'`: Signature format `r || s` as proposed in IEEE-P1363.
1469 <!-- YAML
1472 - version: v6.0.0
1473 pr-url: https://github.com/nodejs/node/pull/5522
1475 -->
1489 <!-- YAML
1491 -->
1509 <!-- YAML
1512 - version: v6.0.0
1513 pr-url: https://github.com/nodejs/node/pull/5522
1515 -->
1529 <!-- YAML
1532 - version:
1533 - v13.2.0
1534 - v12.16.0
1535 pr-url: https://github.com/nodejs/node/pull/29292
1536 description: This function now supports IEEE-P1363 DSA and ECDSA signatures.
1537 - version: v12.0.0
1538 pr-url: https://github.com/nodejs/node/pull/26960
1539 description: This function now supports RSA-PSS keys.
1540 - version: v11.7.0
1541 pr-url: https://github.com/nodejs/node/pull/25217
1543 - version: v8.0.0
1544 pr-url: https://github.com/nodejs/node/pull/11705
1545 description: Support for RSASSA-PSS and additional options was added.
1546 -->
1565 * `'der'` (default): DER-encoded ASN.1 signature structure encoding `(r, s)`.
1566 * `'ieee-p1363'`: Signature format `r || s` as proposed in IEEE-P1363.
1597 <!-- YAML
1599 -->
1606 <!-- YAML
1609 -->
1611 > Stability: 0 - Deprecated
1625 <!-- YAML
1628 -->
1630 > Stability: 0 - Deprecated
1639 <!-- YAML
1643 - version: v10.10.0
1644 pr-url: https://github.com/nodejs/node/pull/21447
1645 description: Ciphers in OCB mode are now supported.
1646 - version: v10.2.0
1647 pr-url: https://github.com/nodejs/node/pull/20235
1650 -->
1652 > Stability: 0 - Deprecated: Use [`crypto.createCipheriv()`][] instead.
1663 cipher in CCM or OCB mode is used (e.g. `'aes-128-ccm'`). In that case, the
1670 recent OpenSSL releases, `openssl list -cipher-algorithms`
1671 (`openssl list-cipher-algorithms` for older versions of OpenSSL) will
1682 non-cryptographically secure hash algorithm allow passwords to be tested very
1688 to create the `Cipher` object. Users should not use ciphers with counter mode
1691 vulnerabilities. For the case when IV is reused in GCM, see [Nonce-Disrespecting
1695 <!-- YAML
1698 - version: v11.6.0
1699 pr-url: https://github.com/nodejs/node/pull/24234
1701 - version:
1702 - v11.2.0
1703 - v10.17.0
1704 pr-url: https://github.com/nodejs/node/pull/24081
1705 description: The cipher `chacha20-poly1305` is now supported.
1706 - version: v10.10.0
1707 pr-url: https://github.com/nodejs/node/pull/21447
1708 description: Ciphers in OCB mode are now supported.
1709 - version: v10.2.0
1710 pr-url: https://github.com/nodejs/node/pull/20235
1713 - version: v9.9.0
1714 pr-url: https://github.com/nodejs/node/pull/18644
1715 description: The `iv` parameter may now be `null` for ciphers which do not
1717 -->
1729 cipher in CCM or OCB mode is used (e.g. `'aes-128-ccm'`). In that case, the
1736 recent OpenSSL releases, `openssl list -cipher-algorithms`
1737 (`openssl list-cipher-algorithms` for older versions of OpenSSL) will
1754 <!-- YAML
1758 - version: v10.10.0
1759 pr-url: https://github.com/nodejs/node/pull/21447
1760 description: Ciphers in OCB mode are now supported.
1761 -->
1763 > Stability: 0 - Deprecated: Use [`crypto.createDecipheriv()`][] instead.
1774 cipher in CCM or OCB mode is used (e.g. `'aes-128-ccm'`). In that case, the
1782 non-cryptographically secure hash algorithm allow passwords to be tested very
1791 <!-- YAML
1794 - version: v11.6.0
1795 pr-url: https://github.com/nodejs/node/pull/24234
1797 - version:
1798 - v11.2.0
1799 - v10.17.0
1800 pr-url: https://github.com/nodejs/node/pull/24081
1801 description: The cipher `chacha20-poly1305` is now supported.
1802 - version: v10.10.0
1803 pr-url: https://github.com/nodejs/node/pull/21447
1804 description: Ciphers in OCB mode are now supported.
1805 - version: v10.2.0
1806 pr-url: https://github.com/nodejs/node/pull/20039
1809 - version: v9.9.0
1810 pr-url: https://github.com/nodejs/node/pull/18644
1811 description: The `iv` parameter may now be `null` for ciphers which do not
1813 -->
1825 cipher in CCM or OCB mode is used (e.g. `'aes-128-ccm'`). In that case, the
1832 recent OpenSSL releases, `openssl list -cipher-algorithms`
1833 (`openssl list-cipher-algorithms` for older versions of OpenSSL) will
1850 <!-- YAML
1853 - version: v8.0.0
1854 pr-url: https://github.com/nodejs/node/pull/12223
1856 - version: v8.0.0
1857 pr-url: https://github.com/nodejs/node/pull/11983
1859 - version: v6.0.0
1860 pr-url: https://github.com/nodejs/node/pull/5522
1863 -->
1885 <!-- YAML
1887 -->
1898 <!-- YAML
1900 -->
1908 <!-- YAML
1910 -->
1915 Creates an Elliptic Curve Diffie-Hellman (`ECDH`) key exchange object using a
1918 OpenSSL releases, `openssl ecparam -list_curves` will also display the name
1922 <!-- YAML
1925 - version: v12.8.0
1926 pr-url: https://github.com/nodejs/node/pull/28805
1928 -->
1941 On recent releases of OpenSSL, `openssl list -digest-algorithms`
1942 (`openssl list-message-digest-algorithms` for older versions of OpenSSL) will
1968 <!-- YAML
1971 - version: v11.6.0
1972 pr-url: https://github.com/nodejs/node/pull/24234
1974 -->
1986 On recent releases of OpenSSL, `openssl list -digest-algorithms`
1987 (`openssl list-message-digest-algorithms` for older versions of OpenSSL) will
2016 <!-- YAML
2018 -->
2036 <!-- YAML
2039 - version: v11.13.0
2040 pr-url: https://github.com/nodejs/node/pull/26278
2043 - version: v11.7.0
2044 pr-url: https://github.com/nodejs/node/pull/25217
2046 -->
2071 <!-- YAML
2073 -->
2082 <!-- YAML
2084 -->
2095 algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use
2097 algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest
2101 <!-- YAML
2103 -->
2115 algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use
2117 algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest
2121 <!-- YAML
2123 -->
2130 Computes the Diffie-Hellman secret based on a `privateKey` and a `publicKey`.
2132 (for Diffie-Hellman), `'ec'` (for ECDH), `'x448'`, or `'x25519'` (for ECDH-ES).
2135 <!-- YAML
2138 - version: v13.9.0
2139 pr-url: https://github.com/nodejs/node/pull/31178
2140 description: Add support for Diffie-Hellman.
2141 - version: v12.0.0
2142 pr-url: https://github.com/nodejs/node/pull/26774
2144 - version: v12.0.0
2145 pr-url: https://github.com/nodejs/node/pull/26554
2147 - version: v11.6.0
2148 pr-url: https://github.com/nodejs/node/pull/24234
2151 -->
2163 * `groupName`: {string} Diffie-Hellman group name (DH). See
2180 `'pkcs8'` with encryption for long-term storage:
2193 cipher: 'aes-256-cbc',
2208 <!-- YAML
2211 - version: v13.9.0
2212 pr-url: https://github.com/nodejs/node/pull/31178
2213 description: Add support for Diffie-Hellman.
2214 - version: v12.0.0
2215 pr-url: https://github.com/nodejs/node/pull/26554
2217 - version: v11.6.0
2218 pr-url: https://github.com/nodejs/node/pull/24234
2221 -->
2233 * `groupName`: {string} Diffie-Hellman group name (DH). See
2263 cipher: 'aes-256-cbc',
2274 <!-- YAML
2276 -->
2282 const ciphers = crypto.getCiphers();
2283 console.log(ciphers); // ['aes-128-cbc', 'aes-128-ccm', ...]
2287 <!-- YAML
2289 -->
2295 console.log(curves); // ['Oakley-EC2N-3', 'Oakley-EC2N-4', ...]
2299 <!-- YAML
2301 -->
2335 <!-- YAML
2337 -->
2340 currently in use, `0` otherwise. A future semver-major release may change
2344 <!-- YAML
2346 -->
2349 such as `'RSA-SHA256'`. Hash algorithms are also called "digest" algorithms.
2353 console.log(hashes); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
2357 <!-- YAML
2360 - version: v14.0.0
2361 pr-url: https://github.com/nodejs/node/pull/30578
2364 - version: v8.0.0
2365 pr-url: https://github.com/nodejs/node/pull/11305
2367 - version: v6.0.0
2368 pr-url: https://github.com/nodejs/node/pull/4047
2371 - version: v6.0.0
2372 pr-url: https://github.com/nodejs/node/pull/5522
2375 -->
2386 Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
2405 random and at least 16 bytes long. See [NIST SP 800-132][] for details.
2436 <!-- YAML
2439 - version: v14.0.0
2440 pr-url: https://github.com/nodejs/node/pull/30578
2443 - version: v6.0.0
2444 pr-url: https://github.com/nodejs/node/pull/4047
2447 - version: v6.0.0
2448 pr-url: https://github.com/nodejs/node/pull/5522
2451 -->
2460 Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
2476 random and at least 16 bytes long. See [NIST SP 800-132][] for details.
2499 <!-- YAML
2502 - version: v12.11.0
2503 pr-url: https://github.com/nodejs/node/pull/29489
2505 - version: v12.9.0
2506 pr-url: https://github.com/nodejs/node/pull/28335
2508 - version: v11.6.0
2509 pr-url: https://github.com/nodejs/node/pull/24234
2511 -->
2534 <!-- YAML
2537 - version: v11.6.0
2538 pr-url: https://github.com/nodejs/node/pull/24234
2540 -->
2560 <!-- YAML
2563 - version: v11.6.0
2564 pr-url: https://github.com/nodejs/node/pull/24234
2566 -->
2588 <!-- YAML
2591 - version: v12.11.0
2592 pr-url: https://github.com/nodejs/node/pull/29489
2594 - version: v12.9.0
2595 pr-url: https://github.com/nodejs/node/pull/28335
2597 - version: v11.6.0
2598 pr-url: https://github.com/nodejs/node/pull/24234
2600 -->
2629 <!-- YAML
2632 - version: v9.0.0
2633 pr-url: https://github.com/nodejs/node/pull/16454
2636 -->
2644 Generates cryptographically strong pseudo-random data. The `size` argument
2688 <!-- YAML
2690 - v7.10.0
2691 - v6.13.0
2693 - version: v9.0.0
2694 pr-url: https://github.com/nodejs/node/pull/15231
2696 -->
2700 * `size` {number} **Default:** `buffer.length - offset`
2734 <!-- YAML
2736 - v7.10.0
2737 - v6.13.0
2739 - version: v9.0.0
2740 pr-url: https://github.com/nodejs/node/pull/15231
2742 -->
2746 * `size` {number} **Default:** `buffer.length - offset`
2809 <!-- YAML
2811 -->
2820 The range (`max - min`) must be less than 2<sup>48</sup>. `min` and `max` must
2847 <!-- YAML
2849 -->
2862 <!-- YAML
2865 - version:
2866 - v12.8.0
2867 - v10.17.0
2868 pr-url: https://github.com/nodejs/node/pull/28799
2870 - version: v10.9.0
2871 pr-url: https://github.com/nodejs/node/pull/21525
2874 -->
2893 Provides an asynchronous [scrypt][] implementation. Scrypt is a password-based
2895 memory-wise in order to make brute-force attacks unrewarding.
2898 random and at least 16 bytes long. See [NIST SP 800-132][] for details.
2922 <!-- YAML
2925 - version:
2926 - v12.8.0
2927 - v10.17.0
2928 pr-url: https://github.com/nodejs/node/pull/28799
2930 - version: v10.9.0
2931 pr-url: https://github.com/nodejs/node/pull/21525
2934 -->
2951 Provides a synchronous [scrypt][] implementation. Scrypt is a password-based
2953 memory-wise in order to make brute-force attacks unrewarding.
2956 random and at least 16 bytes long. See [NIST SP 800-132][] for details.
2975 <!-- YAML
2977 -->
3002 The flags below are deprecated in OpenSSL-1.1.0.
3009 <!-- YAML
3011 -->
3013 * `bool` {boolean} `true` to enable FIPS mode.
3015 Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build.
3019 <!-- YAML
3022 - version:
3023 - v13.2.0
3024 - v12.16.0
3025 pr-url: https://github.com/nodejs/node/pull/29292
3026 description: This function now supports IEEE-P1363 DSA and ECDSA signatures.
3027 -->
3044 * `'der'` (default): DER-encoded ASN.1 signature structure encoding `(r, s)`.
3045 * `'ieee-p1363'`: Signature format `r || s` as proposed in IEEE-P1363.
3059 <!-- YAML
3061 -->
3067 This function is based on a constant-time algorithm.
3071 [capability urls](https://www.w3.org/TR/capability-urls/).
3081 is timing-safe. Care should be taken to ensure that the surrounding code does
3085 <!-- YAML
3088 - version:
3089 - v13.2.0
3090 - v12.16.0
3091 pr-url: https://github.com/nodejs/node/pull/29292
3092 description: This function now supports IEEE-P1363 DSA and ECDSA signatures.
3093 -->
3111 * `'der'` (default): DER-encoded ASN.1 signature structure encoding `(r, s)`.
3112 * `'ieee-p1363'`: Signature format `r || s` as proposed in IEEE-P1363.
3145 Usage of `ECDH` with non-dynamically generated key pairs has been simplified.
3158 ### Support for weak or compromised algorithms
3162 the use of ciphers and hashes with a small key size that are too weak for safe
3168 Based on the recommendations of [NIST SP 800-131A][]:
3170 * MD5 and SHA-1 are no longer acceptable where collision resistance is
3190 * The length of the plaintext is limited to `2 ** (8 * (15 - N))` bytes.
3219 const cipher = crypto.createCipheriv('aes-192-ccm', key, nonce, {
3232 const decipher = crypto.createDecipheriv('aes-192-ccm', key, nonce, {
3266 …f="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html">https://www.openssl.org/doc…
3271 <td>Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode
3278 …f="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html">https://www.openssl.org/doc…
3284 …f="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html">https://www.openssl.org/doc…
3296 <td>Instructs OpenSSL to add server-hello extension from an early version
3301 <td>Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability
3323 <td>Instructs OpenSSL to disable the workaround for a man-in-the-middle
3324 protocol-version vulnerability in the SSL 2.0 server implementation.</td>
3344 <td>Instructs OpenSSL to disable support for SSL/TLS compression.</td>
3348 <td>Instructs OpenSSL to disable encrypt-then-MAC.</td>
3365 <td>Instructs OpenSSL to turn off SSL v2</td>
3369 <td>Instructs OpenSSL to turn off SSL v3</td>
3466 <td>Limit engine usage to CIPHERS</td>
3492 See the [list of SSL OP Flags][] for details.
3581 <td>Specifies the built-in default cipher list used by Node.js.</td>
3594 [HTML 5.2]: https://www.w3.org/TR/html52/changes.html#features-removed
3595 [HTML5's `keygen` element]: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen
3596 [NIST SP 800-131A]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf
3597 [NIST SP 800-132]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf
3598 [NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
3599 [Nonce-Disrespecting Adversaries]: https://github.com/nonce-disrespect/nonce-disrespect
3600 [OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/man1.1.0/apps/openssl-spkac.html
3601 [RFC 1421]: https://www.rfc-editor.org/rfc/rfc1421.txt
3602 [RFC 2412]: https://www.rfc-editor.org/rfc/rfc2412.txt
3603 [RFC 3526]: https://www.rfc-editor.org/rfc/rfc3526.txt
3604 [RFC 3610]: https://www.rfc-editor.org/rfc/rfc3610.txt
3605 [RFC 4055]: https://www.rfc-editor.org/rfc/rfc4055.txt
3606 [RFC 4122]: https://www.rfc-editor.org/rfc/rfc4122.txt
3607 [RFC 5208]: https://www.rfc-editor.org/rfc/rfc5208.txt
3660 [list of SSL OP Flags]: https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags#Table_of_Options
3662 [safe integers]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/N…
3665 [stream-writable-write]: stream.md#stream_writable_write_chunk_encoding_callback