tls: add min/max protocol version options

The existing secureProtocol option only allows setting the allowed
protocol to a specific version, or setting it to "all supported
versions". It also used obscure strings based on OpenSSL C API
functions. Directly setting the min or max is easier to use and explain.

PR-URL: https://github.com/nodejs/node/pull/24405
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Sam Roberts 2018-05-06 13:52:34 +09:00
parent 160ac0f325
commit f512f5ea13
14 changed files with 327 additions and 45 deletions


@ -31,6 +31,7 @@ internalUtil.assertCrypto();
const { isArrayBufferView } = require('internal/util/types');
const net = require('net');
const { getOptionValue } = require('internal/options');
const url = require('url');
const binding = internalBinding('crypto');
const { Buffer } = require('buffer');
@ -53,6 +54,15 @@ exports.DEFAULT_CIPHERS =
exports.DEFAULT_ECDH_CURVE = 'auto';
exports.DEFAULT_MAX_VERSION = 'TLSv1.2';
if (getOptionValue('--tls-v1.0'))
exports.DEFAULT_MIN_VERSION = 'TLSv1';
else if (getOptionValue('--tls-v1.1'))
exports.DEFAULT_MIN_VERSION = 'TLSv1.1';
else
exports.DEFAULT_MIN_VERSION = 'TLSv1.2';
exports.getCiphers = internalUtil.cachedResult(
() => internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true)
);
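Review bot: The `if`/`else if` chain that assigns `exports.DEFAULT_MIN_VERSION` has no comment saying that `--tls-v1.0` and `--tls-v1.1` lower the default minimum protocol version below TLSv1.2, or that `--tls-v1.0` takes precedence when both flags are passed. Someone auditing which legacy protocol versions a deployment will negotiate has to work both facts out from the branch order. I would add a comment above the chain, for example `// Legacy opt-in: these flags lower the default minimum TLS version; if both are given, the lower one (TLSv1) applies.` Because the chain runs as a top-level statement, the flag appears to be read once when the module loads, and that is worth stating in the same comment so readers know the default is fixed at startup unless code reassigns the export.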