From 5fea00384d1c3142576bee9fd9eb85f9f0d64095 Mon Sep 17 00:00:00 2001 From: Jeetu Suthar Date: Tue, 2 Sep 2025 15:15:11 +0530 Subject: [PATCH] doc: update OpenSSL default security level to 2 The default OpenSSL security level changed from 1 to 2 in OpenSSL 3.2, which was included in Node.js 24.5. This change enforces stricter cryptographic requirements. Fixes: https://github.com/nodejs/node/issues/59715 --- doc/api/tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/tls.md b/doc/api/tls.md index 977c2c601cfdc9..821b56ac3899e4 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -454,7 +454,7 @@ are not enabled by default since they offer less security. The OpenSSL library enforces security levels to control the minimum acceptable level of security for cryptographic operations. OpenSSL's security levels range from 0 to 5, with each level imposing stricter security requirements. The default -security level is 1, which is generally suitable for most modern applications. +security level is 2, which is generally suitable for most modern applications. However, some legacy features and protocols, such as TLSv1, require a lower security level (`SECLEVEL=0`) to function properly. For more detailed information, please refer to the [OpenSSL documentation on security levels][].