From 03f18abf95f9981b9e0e62b775011e718bfea1e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Sun, 8 Jan 2023 14:12:35 +0100
Subject: [PATCH] doc: fix (EC)DHE remark in TLS docs

It is not true that all TLS 1.3 cipher suites use ECDH.

TLS 1.3 allows DH over finite fields instead of elliptic curves.
Also, the key exchange mechanism is independent of the cipher suite
in TLS 1.3.

PR-URL: https://github.com/nodejs/node/pull/46114
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
---
 doc/api/tls.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/api/tls.md b/doc/api/tls.md
index b09f77b99a4351..8db7ac2f193291 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -141,8 +141,8 @@ not required and a default ECDHE curve will be used. The `ecdhCurve` property
 can be used when creating a TLS Server to specify the list of names of supported
 curves to use, see [`tls.createServer()`][] for more info.
 
-Perfect forward secrecy was optional up to TLSv1.2, but it is not optional for
-TLSv1.3, because all TLSv1.3 cipher suites use ECDHE.
+Perfect forward secrecy was optional up to TLSv1.2. As of TLSv1.3, (EC)DHE is
+always used (with the exception of PSK-only connections).
 
 ### ALPN and SNI