@@ -905,6 +905,9 @@ port or host argument.
905905<!-- YAML
906906added: v0.11.13
907907changes:
908+ - version: REPLACEME
909+ pr-url: https://github.com/nodejs/node/pull/6569
910+ description: The `options` parameter can now include `clientCertEngine`.
908911 - version: v7.3.0
909912 pr-url: https://github.com/nodejs/node/pull/10294
910913 description: If the `key` option is an array, individual entries do not
@@ -959,8 +962,6 @@ changes:
959962 certificate can match or chain to.
960963 For self-signed certificates, the certificate is its own CA, and must be
961964 provided.
962- * ` crl ` {string|string[ ] |Buffer|Buffer[ ] } Optional PEM formatted
963- CRLs (Certificate Revocation Lists).
964965 * ` ciphers ` {string} Optional cipher suite specification, replacing the
965966 default. For more information, see [ modifying the default cipher suite] [ ] .
966967 * ` honorCipherOrder ` {boolean} Attempt to use the server's cipher suite
@@ -974,20 +975,24 @@ changes:
974975 [ ` crypto.getCurves() ` ] [ ] to obtain a list of available curve names. On
975976 recent releases, ` openssl ecparam -list_curves ` will also display the name
976977 and description of each available elliptic curve.
978+ * ` clientCertEngine ` {string} Optional name of an OpenSSL engine which can
979+ provide the client certificate.
980+ * ` crl ` {string|string[ ] |Buffer|Buffer[ ] } Optional PEM formatted
981+ CRLs (Certificate Revocation Lists).
977982 * ` dhparam ` {string|Buffer} Diffie Hellman parameters, required for
978983 [ Perfect Forward Secrecy] [ ] . Use ` openssl dhparam ` to create the parameters.
979984 The key length must be greater than or equal to 1024 bits, otherwise an
980985 error will be thrown. It is strongly recommended to use 2048 bits or larger
981986 for stronger security. If omitted or invalid, the parameters are silently
982987 discarded and DHE ciphers will not be available.
983- * ` secureProtocol ` {string} Optional SSL method to use, default is
984- ` "SSLv23_method" ` . The possible values are listed as [ SSL_METHODS] [ ] , use
985- the function names as strings. For example, ` "SSLv3_method" ` to force SSL
986- version 3.
987988 * ` secureOptions ` {number} Optionally affect the OpenSSL protocol behavior,
988989 which is not usually necessary. This should be used carefully if at all!
989990 Value is a numeric bitmask of the ` SSL_OP_* ` options from
990991 [ OpenSSL Options] [ ] .
992+ * ` secureProtocol ` {string} Optional SSL method to use, default is
993+ ` "SSLv23_method" ` . The possible values are listed as [ SSL_METHODS] [ ] , use
994+ the function names as strings. For example, ` "SSLv3_method" ` to force SSL
995+ version 3.
991996 * ` sessionIdContext ` {string} Optional opaque identifier used by servers to
992997 ensure session state is not shared between applications. Unused by clients.
993998
@@ -1015,6 +1020,9 @@ publicly trusted list of CAs as given in
10151020<!-- YAML
10161021added: v0.3.2
10171022changes:
1023+ - version: REPLACEME
1024+ pr-url: https://github.com/nodejs/node/pull/6569
1025+ description: The `options` parameter can now include `clientCertEngine`.
10181026 - version: v8.0.0
10191027 pr-url: https://github.com/nodejs/node/pull/11984
10201028 description: The `ALPNProtocols` and `NPNProtocols` options can
@@ -1025,6 +1033,8 @@ changes:
10251033-->
10261034
10271035* ` options ` {Object}
1036+ * ` clientCertEngine ` {string} Optional name of an OpenSSL engine which can
1037+ provide the client certificate.
10281038 * ` handshakeTimeout ` {number} Abort the connection if the SSL/TLS handshake
10291039 does not finish in the specified number of milliseconds. Defaults to ` 120 `
10301040 seconds. A ` 'tlsClientError' ` is emitted on the ` tls.Server ` object whenever
0 commit comments