author | Sam Roberts <vieuxtech@gmail.com> | 2019-06-03 11:48:25 -0700 |
---|---|---|
committer | Anna Henningsen <anna@addaleax.net> | 2019-12-03 23:28:38 +0100 |
commit | a025c5a8745637aa5f6e06acab0c15461a920d8e (patch) | |
tree | 7efb124ee33c61471cd7012e674f0266c89eff5c | |
parent | c0905b71adb55cbf98816dd993fec2d7c17ebbfe (diff) | |
tls: expose IETF name for current cipher suite
OpenSSL has its own legacy names, but knowing the IETF name is useful
when trouble-shooting, or looking for more information on the cipher.
PR-URL: https://github.com/nodejs/node/pull/30637
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
-rw-r--r-- | doc/api/tls.md | 15 | ||||
-rw-r--r-- | src/env.h | 1 | ||||
-rw-r--r-- | src/node_crypto.cc | 3 | ||||
-rw-r--r-- | test/parallel/test-tls-getcipher.js | 4 | ||||
-rw-r--r-- | test/parallel/test-tls-multi-key.js | 2 | ||||
-rw-r--r-- | test/parallel/test-tls-multi-pfx.js | 2 |
6 files changed, 25 insertions, 2 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md index 8fa601096b..7473c11a68 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -827,16 +827,27 @@ changes: pr-url: https://github.com/nodejs/node/pull/26625 description: Return the minimum cipher version, instead of a fixed string (`'TLSv1/SSLv3'`). + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/30637 + description: Return the IETF cipher name as `standardName`. --> * Returns: {Object} - * `name` {string} The name of the cipher suite. + * `name` {string} OpenSSL name for the cipher suite. + * `standardName` {string} IETF name for the cipher suite. * `version` {string} The minimum TLS protocol version supported by this cipher suite. Returns an object containing information on the negotiated cipher suite. -For example: `{ name: 'AES256-SHA', version: 'TLSv1.2' }`. +For example: +```json +{ + "name": "AES128-SHA256", + "standardName": "TLS_RSA_WITH_AES_128_CBC_SHA256", + "version": "TLSv1.2" +} +``` See [SSL_CIPHER_get_name](https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_name.html) @@ -351,6 +351,7 @@ constexpr size_t kFsStatsBufferLength = V(sni_context_string, "sni_context") \ V(source_string, "source") \ V(stack_string, "stack") \ + V(standard_name_string, "standardName") \ V(start_time_string, "startTime") \ V(status_string, "status") \ V(stdio_string, "stdio") \ diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 2d965bcbff..3f771793e2 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc 
@@ -2685,6 +2685,9 @@ void SSLWrap<Base>::GetCipher(const FunctionCallbackInfo<Value>& args) { const char* cipher_name = SSL_CIPHER_get_name(c); info->Set(context, env->name_string(), OneByteString(args.GetIsolate(), cipher_name)).Check(); + const char* cipher_standard_name = SSL_CIPHER_standard_name(c); + info->Set(context, env->standard_name_string(), + OneByteString(args.GetIsolate(), cipher_standard_name)).Check(); const char* cipher_version = SSL_CIPHER_get_version(c); info->Set(context, env->version_string(), OneByteString(args.GetIsolate(), cipher_version)).Check(); diff --git a/test/parallel/test-tls-getcipher.js b/test/parallel/test-tls-getcipher.js index 624f8efd24..744276aa59 100644 --- a/test/parallel/test-tls-getcipher.js +++ b/test/parallel/test-tls-getcipher.js @@ -52,6 +52,7 @@ server.listen(0, '127.0.0.1', common.mustCall(function() { }, common.mustCall(function() { const cipher = this.getCipher(); assert.strictEqual(cipher.name, 'AES128-SHA256'); + assert.strictEqual(cipher.standardName, 'TLS_RSA_WITH_AES_128_CBC_SHA256'); assert.strictEqual(cipher.version, 'TLSv1.2'); this.end(); })); @@ -65,6 +66,8 @@ server.listen(0, '127.0.0.1', common.mustCall(function() { }, common.mustCall(function() { const cipher = this.getCipher(); assert.strictEqual(cipher.name, 'ECDHE-RSA-AES128-GCM-SHA256'); + assert.strictEqual(cipher.standardName, + 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'); assert.strictEqual(cipher.version, 'TLSv1.2'); this.end(); })); @@ -86,6 +89,7 @@ tls.createServer({ }, common.mustCall(() => { const cipher = client.getCipher(); assert.strictEqual(cipher.name, 'TLS_AES_128_CCM_8_SHA256'); + assert.strictEqual(cipher.standardName, cipher.name); assert.strictEqual(cipher.version, 'TLSv1.3'); client.end(); })); diff --git a/test/parallel/test-tls-multi-key.js b/test/parallel/test-tls-multi-key.js index c5e66f3980..b9eaa05d59 100644 --- a/test/parallel/test-tls-multi-key.js +++ b/test/parallel/test-tls-multi-key.js 
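Review bot: `cipher_standard_name` is passed straight to `OneByteString()` in the added `info->Set(...)`, but OpenSSL documents `SSL_CIPHER_standard_name()` as returning NULL when a cipher has no standard name. If such a suite is ever negotiated, `getCipher()` would presumably read through a null pointer and crash the process, and the negotiated suite depends partly on the peer. Guard the new statement with `if (cipher_standard_name != nullptr)` around the `info->Set(context, env->standard_name_string(), ...)` call, and have the `doc/api/tls.md` entry say that `standardName` can be absent. GetCipher's body starts and ends outside this hunk, so any earlier validation of `c` is not visible here.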
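Review bot: In the TLSv1.3 hunk of test-tls-getcipher.js (`@@ -86,6 +89,7 @@`), the new assertion compares `cipher.standardName` with `cipher.name` instead of a literal, and nothing explains why the two should match. Either add a comment such as `// TLSv1.3 suites: OpenSSL uses the IETF name, so both fields are equal.` or assert the literal, `assert.strictEqual(cipher.standardName, 'TLS_AES_128_CCM_8_SHA256');`, so the expectation does not depend on `name`. The enclosing callback begins outside the hunk.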
@@ -157,6 +157,7 @@ function test(options) { }, common.mustCall(function() { assert.deepStrictEqual(ecdsa.getCipher(), { name: 'ECDHE-ECDSA-AES256-GCM-SHA384', + standardName: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', version: 'TLSv1.2' }); assert.strictEqual(ecdsa.getPeerCertificate().subject.CN, eccCN); @@ -175,6 +176,7 @@ function test(options) { }, common.mustCall(function() { assert.deepStrictEqual(rsa.getCipher(), { name: 'ECDHE-RSA-AES256-GCM-SHA384', + standardName: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', version: 'TLSv1.2' }); assert.strictEqual(rsa.getPeerCertificate().subject.CN, rsaCN); diff --git a/test/parallel/test-tls-multi-pfx.js b/test/parallel/test-tls-multi-pfx.js index 3b0c059182..c20376a82a 100644 --- a/test/parallel/test-tls-multi-pfx.js +++ b/test/parallel/test-tls-multi-pfx.js @@ -42,9 +42,11 @@ const server = tls.createServer(options, function(conn) { process.on('exit', function() { assert.deepStrictEqual(ciphers, [{ name: 'ECDHE-ECDSA-AES256-GCM-SHA384', + standardName: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', version: 'TLSv1.2' }, { name: 'ECDHE-RSA-AES256-GCM-SHA384', + standardName: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', version: 'TLSv1.2' }]); }); |