Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 70ccc5e

Browse filesBrowse files
tniessenRafaelGSS
tniessen
authored and
RafaelGSS
committed
doc: deprecate modp1, modp2, and modp5 groups
These MODP groups should not be used by new applications, and existing applications should attempt to migrate to stronger groups (or different key exchange mechanisms). Some applications still rely on these particular groups, so Node.js will likely maintain support, directly or indirectly, for the foreseeable future. Refs: #44539 PR-URL: #44588 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
1 parent 1c83824 commit 70ccc5e
Copy full SHA for 70ccc5e

File tree

Expand file treeCollapse file tree

3 files changed

+29
-4
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

3 files changed

+29
-4
lines changed
Open diff view settings
Collapse file

‎doc/api/crypto.md‎

Copy file name to clipboardExpand all lines: doc/api/crypto.md
+8-3Lines changed: 8 additions & 3 deletions
  • Display the source diff
  • Display the rich diff
Original file line numberDiff line numberDiff line change
@@ -1185,15 +1185,20 @@ const dh = createDiffieHellmanGroup('modp16');
11851185

11861186
The following groups are supported:
11871187

1188-
* `'modp1'` (768 bits, [RFC 2409][] Section 6.1)
1189-
* `'modp2'` (1024 bits, [RFC 2409][] Section 6.2)
1190-
* `'modp5'` (1536 bits, [RFC 3526][] Section 2)
11911188
* `'modp14'` (2048 bits, [RFC 3526][] Section 3)
11921189
* `'modp15'` (3072 bits, [RFC 3526][] Section 4)
11931190
* `'modp16'` (4096 bits, [RFC 3526][] Section 5)
11941191
* `'modp17'` (6144 bits, [RFC 3526][] Section 6)
11951192
* `'modp18'` (8192 bits, [RFC 3526][] Section 7)
11961193

1194+
The following groups are still supported but deprecated (see [Caveats][]):
1195+
1196+
* `'modp1'` (768 bits, [RFC 2409][] Section 6.1) <span class="deprecated-inline"></span>
1197+
* `'modp2'` (1024 bits, [RFC 2409][] Section 6.2) <span class="deprecated-inline"></span>
1198+
* `'modp5'` (1536 bits, [RFC 3526][] Section 2) <span class="deprecated-inline"></span>
1199+
1200+
These deprecated groups might be removed in future versions of Node.js.
1201+
11971202
## Class: `ECDH`
11981203

11991204
<!-- YAML
Collapse file

‎doc/api/deprecations.md‎

Copy file name to clipboardExpand all lines: doc/api/deprecations.md
+19Lines changed: 19 additions & 0 deletions
  • Display the source diff
  • Display the rich diff
Original file line numberDiff line numberDiff line change
@@ -3199,9 +3199,28 @@ Package imports and exports targets mapping into paths including a double slash
31993199
error in a future release. This same deprecation also applies to pattern matches
32003200
starting or ending in a slash.
32013201

3202+
### DEP0167: Weak `DiffieHellmanGroup` instances (`modp1`, `modp2`, `modp5`)
3203+
3204+
<!-- YAML
3205+
changes:
3206+
- version: REPLACEME
3207+
pr-url: https://github.com/nodejs/node/pull/44588
3208+
description: Documentation-only deprecation.
3209+
-->
3210+
3211+
Type: Documentation-only
3212+
3213+
The well-known MODP groups `modp1`, `modp2`, and `modp5` are deprecated because
3214+
they are not secure against practical attacks. See [RFC 8247 Section 2.4][] for
3215+
details.
3216+
3217+
These groups might be removed in future versions of Node.js. Applications that
3218+
rely on these groups should evaluate using stronger MODP groups instead.
3219+
32023220
[Legacy URL API]: url.md#legacy-url-api
32033221
[NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
32043222
[RFC 6066]: https://tools.ietf.org/html/rfc6066#section-3
3223+
[RFC 8247 Section 2.4]: https://www.rfc-editor.org/rfc/rfc8247#section-2.4
32053224
[WHATWG URL API]: url.md#the-whatwg-url-api
32063225
[`"exports"` or `"main"` entry]: packages.md#main-entry-point-export
32073226
[`--pending-deprecation`]: cli.md#--pending-deprecation
Collapse file

‎doc/api_assets/style.css‎

Copy file name to clipboardExpand all lines: doc/api_assets/style.css
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -598,7 +598,8 @@ hr {
598598
padding-left: 5rem;
599599
}
600600

601-
#toc .stability_0::after {
601+
#toc .stability_0::after,
602+
.deprecated-inline::after {
602603
background-color: var(--red2);
603604
color: var(--white);
604605
content: "deprecated";

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.