author | Anton Gerasimov <agerasimov@twilio.com> | 2019-09-18 16:48:44 +0200 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2019-09-23 23:32:45 -0700 |
commit | 0c32ca96c878488c923022a8828bef541e0df9ae (patch) | |
tree | cc02885d1b3dcd79ba87162dfe771c7b88e265bb /doc/api/tls.md | |
parent | e078e482c5ba41641d85bc3ba136148cc44b4d22 (diff) | |
tls: add option to override signature algorithms
Passes the list down to SSL_CTX_set1_sigalgs_list.
Option to get the list of shared signature algorithms
from a TLS socket added as well for testing.
Signed-off-by: Anton Gerasimov <agerasimov@twilio.com>
PR-URL: https://github.com/nodejs/node/pull/29598
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'doc/api/tls.md')
-rw-r--r-- | doc/api/tls.md | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md index 34f7aecca8..c9a30d97d7 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -839,7 +839,19 @@ Returns an object containing information on the negotiated cipher suite. For example: `{ name: 'AES256-SHA', version: 'TLSv1.2' }`. See -[OpenSSL](https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_name.html) +[SSL_CIPHER_get_name](https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_name.html) +for more information. + +### tlsSocket.getSharedSigalgs() +<!-- YAML +added: REPLACEME +--> + +* Returns: {Array} List of signature algorithms shared between the server and +the client in the order of decreasing preference. + +See +[SSL_get_shared_sigalgs](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_shared_sigalgs.html) for more information. ### tlsSocket.getEphemeralKeyInfo() @@ -1346,6 +1358,10 @@ argument. <!-- YAML added: v0.11.13 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/29598 + description: Added `sigalgs` option to override supported signature + algorithms. - version: v12.0.0 pr-url: https://github.com/nodejs/node/pull/26209 description: TLSv1.3 support added. 
@@ -1406,6 +1422,12 @@ changes: order as their private keys in `key`. If the intermediate certificates are not provided, the peer will not be able to validate the certificate, and the handshake will fail. + * `sigalgs` {string}` Colon-separated list of supported signature algorithms. + The list can contain digest algorithms (`SHA256`, `MD5` etc.), public key + algorithms (`RSA-PSS`, `ECDSA` etc.), combination of both (e.g + 'RSA+SHA384') or TLS v1.3 scheme names (e.g. `rsa_pss_pss_sha512`). + See [OpenSSL man pages](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_sigalgs_list.html) + for more info. * `ciphers` {string} Cipher suite specification, replacing the default. For more information, see [modifying the default cipher suite][]. Permitted ciphers can be obtained via [`tls.getCiphers()`][]. Cipher names must be |
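Review bot: In the `tlsSocket.getSharedSigalgs()` section added by the first hunk (@@ -839), the `Returns:` bullet gives the type as `{Array}` with no element type, and it does not say what the caller gets when nothing is shared or whether the result is meaningful on both client and server sockets. Suggest naming the element type, documenting the empty case, and indenting the continuation line "the client in the order of decreasing preference." by two spaces so it stays part of the bullet.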
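Review bot: In the `sigalgs` entry added by the last hunk (@@ -1406), the digest examples read "(`SHA256`, `MD5` etc.)", which presents a broken digest as a sample value for handshake signature algorithms; suggest `SHA256`, `SHA384` as the examples, and a sentence saying that the option overrides the supported list, so a reader knows that a weak entry here changes what the endpoint will accept. Markup in the same entry: `{string}` is followed by a stray backtick, 'RSA+SHA384' is in plain quotes where the other examples use backticks, and "e.g" is missing its period.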