From b8b0a81a83941eb6bf3449d4403c5347a2203d2b Mon Sep 17 00:00:00 2001
From: Yuval Brik <yuval@brik.org.il>
Date: Mon, 25 Apr 2016 22:19:11 +0300
Subject: [PATCH] doc, tls: deprecate createSecurePair

createSecurePair uses tls_legacy and the legacy Connection from
node_crypto.cc. Deprecate them in favor of TLSSocket.
---
 doc/api/tls.md | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/doc/api/tls.md b/doc/api/tls.md
index ae324f8852e2b1..65343bb067c5fe 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -168,6 +168,8 @@ the total bytes written to the socket, *including the TLS overhead*.
 
 ## Class: SecurePair
 
+    Stability: 0 - Deprecated: Use [`tls.TLSSocket`][] instead.
+
 Returned by tls.createSecurePair.
 
 ### Event: 'secure'
@@ -379,9 +381,9 @@ Construct a new TLSSocket object from an existing TCP socket.
 
   - `server`: An optional [`net.Server`][] instance
 
-  - `requestCert`: Optional, see [`tls.createSecurePair()`][]
+  - `requestCert`: Optional, see [`tls.createServer()`][]
 
-  - `rejectUnauthorized`: Optional, see [`tls.createSecurePair()`][]
+  - `rejectUnauthorized`: Optional, see [`tls.createServer()`][]
 
   - `NPNProtocols`: Optional, see [`tls.createServer()`][]
 
@@ -745,6 +747,8 @@ publicly trusted list of CAs as given in
 
 ## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options])
 
+    Stability: 0 - Deprecated: Use [`tls.TLSSocket`][] instead.
+
 Creates a new secure pair object with two streams, one of which reads and writes
 the encrypted data and the other of which reads and writes the cleartext data.
 Generally, the encrypted stream is piped to/from an incoming encrypted data
@@ -770,6 +774,19 @@ stream.
 
 NOTE: `cleartext` has the same API as [`tls.TLSSocket`][]
 
+**Deprecated** `tls.createSecurePair()` is now deprecated in favor of
+`tls.TLSSocket()`. For example:
+```
+pair = tls.createSecurePair( ... );
+pair.encrypted.pipe(socket);
+socket.pipe(pair.encrypted);
+```
+can be replaced with:
+```
+secure_socket = tls.TLSSocket(socket, options);
+```
+where `secure_socket` has the same API as `pair.cleartext`.
+
 ## tls.createServer(options[, secureConnectionListener])
 
 Creates a new [tls.Server][].  The `connectionListener` argument is