diff options
author | Shigeki Ohtsu <ohtsu@iij.ad.jp> | 2015-05-20 14:20:26 +0900 |
---|---|---|
committer | Shigeki Ohtsu <ohtsu@iij.ad.jp> | 2015-05-21 00:02:44 +0900 |
commit | 9b35be58100237365c24ab394d3dc6462f9675e6 (patch) | |
tree | ac88c03df8081d75f6251231e329090c807ed581 /test/parallel/test-tls-dhe.js | |
parent | f0a8bc3f8411c469a7d80244b843446dfd759a36 (diff) | |
download | android-node-v8-9b35be58100237365c24ab394d3dc6462f9675e6.tar.gz android-node-v8-9b35be58100237365c24ab394d3dc6462f9675e6.tar.bz2 android-node-v8-9b35be58100237365c24ab394d3dc6462f9675e6.zip |
tls: make server not use DHE in less than 1024bits
DHE key lengths less than 1024bits is already weaken as pointed out in
https://weakdh.org/ . 1024bits will not be safe in near future. We
will extend this up to 2048bits somedays later.
PR-URL: https://github.com/nodejs/io.js/pull/1739
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Diffstat (limited to 'test/parallel/test-tls-dhe.js')
-rw-r--r-- | test/parallel/test-tls-dhe.js | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js index 5c9eb87b2e..92fff3f221 100644 --- a/test/parallel/test-tls-dhe.js +++ b/test/parallel/test-tls-dhe.js @@ -62,8 +62,9 @@ function test(keylen, expectedCipher, cb) { } function test512() { - test(512, 'DHE-RSA-AES128-SHA256', test1024); - ntests++; + assert.throws(function() { + test(512, 'DHE-RSA-AES128-SHA256', null); + }, /DH parameter is less than 1024 bits/); } function test1024() { @@ -77,12 +78,13 @@ function test2048() { } function testError() { - test('error', 'ECDHE-RSA-AES128-SHA256', null); + test('error', 'ECDHE-RSA-AES128-SHA256', test512); ntests++; } -test512(); +test1024(); process.on('exit', function() { assert.equal(ntests, nsuccess); + assert.equal(ntests, 3); }); |