doc: link and expand --tls-cipher-list docs

Link to the cli docs for --tls-cipher-list, and link to and mention that NODE_OPTIONS can also be used. PR-URL: https://github.com/nodejs/node/pull/25174 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
2018-12-21 08:25:17 -08:00 · 2018-12-21 08:25:17 -08:00 · b03ba38a57
commit b03ba38a57
parent ca9c0c90c2
1 changed files with 10 additions and 4 deletions
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@ -169,12 +169,16 @@ HIGH:
 !CAMELLIA
 ```

-This default can be replaced entirely using the `--tls-cipher-list` command
-line switch. For instance, the following makes
-`ECDHE-RSA-AES128-GCM-SHA256:!RC4` the default TLS cipher suite:
+This default can be replaced entirely using the [`--tls-cipher-list`][] command line
+switch (directly, or via the [`NODE_OPTIONS`][] environment variable). For
+instance, the following makes `ECDHE-RSA-AES128-GCM-SHA256:!RC4` the default
+TLS cipher suite:

 ```sh
-node --tls-cipher-list="ECDHE-RSA-AES128-GCM-SHA256:!RC4"
+node --tls-cipher-list="ECDHE-RSA-AES128-GCM-SHA256:!RC4" server.js
+
+export NODE_OPTIONS=--tls-cipher-list="ECDHE-RSA-AES128-GCM-SHA256:!RC4"
+node server.js
 ```

 The default can also be replaced on a per client or server basis using the
@ -1414,6 +1418,8 @@ where `secureSocket` has the same API as `pair.cleartext`.

 [`'secureConnect'`]: #tls_event_secureconnect
 [`'secureConnection'`]: #tls_event_secureconnection
+[`--tls-cipher-list`]: cli.html#cli_tls_cipher_list_list
+[`NODE_OPTIONS`]: cli.html#cli_node_options_options
 [`SSL_CTX_set_timeout`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_timeout.html
 [`crypto.getCurves()`]: crypto.html#crypto_crypto_getcurves
 [`dns.lookup()`]: dns.html#dns_dns_lookup_hostname_options_callback