This document states that the default curve for the ecdhCurve parameter is prime256v1. https://iojs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener Appendix A of this document indicates that prime256v1 is also known as NIST P-256. http://www.rfc-editor.org/rfc/rfc4492.txt This site indicates that NIST P-256 is not secure. http://safecurves.cr.yp.to/ I recommend that a safe alternative should be chosen as the default and unsafe curves should not be made available. Also posted to nodejs: https://github.com/joyent/node/issues/18205
This document states that the default curve for the ecdhCurve parameter is prime256v1.
https://iojs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
Appendix A of this document indicates that prime256v1 is also known as NIST P-256.
http://www.rfc-editor.org/rfc/rfc4492.txt
This site indicates that NIST P-256 is not secure.
http://safecurves.cr.yp.to/
I recommend that a safe alternative should be chosen as the default and unsafe curves should not be made available.
Also posted to nodejs: nodejs/node-v0.x-archive#18205