This repository was archived by the owner on Apr 22, 2023. It is now read-only.

TLS Module: The default ecdhCurve, prime256v1 (aka NIST P-256) is not safe. #18205

@mattcollier

This document states that the default curve for the ecdhCurve parameter is prime256v1.
https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener

Appendix A of this document indicates that prime256v1 is also known as NIST P-256.
http://www.rfc-editor.org/rfc/rfc4492.txt

This site indicates that NIST P-256 is not secure.
http://safecurves.cr.yp.to/

I recommend that a safe alternative should be chosen as the default and unsafe curves should not be made available.
