authorSam Roberts <vieuxtech@gmail.com>2018-05-06 13:52:34 +0900
committerSam Roberts <vieuxtech@gmail.com>2018-11-22 09:14:58 -0800
commitf512f5ea138fe86e47c0179d5733044daf6f4fe6 (patch)
tree944745196104118f057d4e0834b62422cf72480f /lib/tls.js
parent160ac0f32513337214dc5a4cdb1fa8de3c2ed14c (diff)
tls: add min/max protocol version options
The existing secureProtocol option only allows setting the allowed protocol to a specific version, or setting it to "all supported versions". It also used obscure strings based on OpenSSL C API functions. Directly setting the min or max is easier to use and explain. PR-URL: https://github.com/nodejs/node/pull/24405 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'lib/tls.js')
-rw-r--r--lib/tls.js10
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/tls.js b/lib/tls.js
index d6b86a4103..898e204c53 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -31,6 +31,7 @@ internalUtil.assertCrypto();
const { isArrayBufferView } = require('internal/util/types');
const net = require('net');
+const { getOptionValue } = require('internal/options');
const url = require('url');
const binding = internalBinding('crypto');
const { Buffer } = require('buffer');
@@ -53,6 +54,15 @@ exports.DEFAULT_CIPHERS =
exports.DEFAULT_ECDH_CURVE = 'auto';
+exports.DEFAULT_MAX_VERSION = 'TLSv1.2';
+
+if (getOptionValue('--tls-v1.0'))
+ exports.DEFAULT_MIN_VERSION = 'TLSv1';
+else if (getOptionValue('--tls-v1.1'))
+ exports.DEFAULT_MIN_VERSION = 'TLSv1.1';
+else
+ exports.DEFAULT_MIN_VERSION = 'TLSv1.2';
+
exports.getCiphers = internalUtil.cachedResult(
() => internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true)
);
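Review bot: The `if`/`else if` chain that sets `exports.DEFAULT_MIN_VERSION` lowers the process-wide TLS floor to TLSv1 or TLSv1.1 from a CLI flag, with no comment and no runtime signal, so a downgraded process is indistinguishable from a default one in logs. I would document the precedence above the chain, e.g. `// CLI flags lower the default minimum TLS version; if both are given, --tls-v1.0 (the weakest floor) wins.`, and consider a one-time `process.emitWarning()` when the resulting floor is below `'TLSv1.2'`. How these defaults are consumed is outside this hunk; presumably an explicit per-context minimum overrides them, which is worth stating in the same comment once confirmed. As a style point, the branches would read more safely with braces, since each is a bare single-statement assignment to an exported security default.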