mirror of https://github.com/lukechilds/node.git
Browse Source
Remove support for SSLv2 because of DROWN (CVE-2016-0800). Use of the `--enable-ssl2` flag is now an error; node will print an error message and exit. Fixes: https://github.com/nodejs/LTS/issues/80 PR-URL: https://github.com/nodejs/node/pull/5529 Reviewed-By: Rod Vagg <rod@vagg.org>v0.10
Ben Noordhuis
9 years ago
9 changed files with 51 additions and 103 deletions
@ -0,0 +1,21 @@ |
|||
'use strict'; |
|||
|
|||
var common = require('../common'); |
|||
var assert = require('assert'); |
|||
var spawn = require('child_process').spawn; |
|||
|
|||
var stdout = ''; |
|||
var stderr = ''; |
|||
var proc = spawn(process.execPath, ['--enable-ssl2', '-e', '0']); |
|||
proc.stdout.setEncoding('utf8'); |
|||
proc.stderr.setEncoding('utf8'); |
|||
proc.stdout.on('data', function(data) { stdout += data; }); |
|||
proc.stderr.on('data', function(data) { stderr += data; }); |
|||
proc.on('exit', common.mustCall(function(exitCode, signalCode) { |
|||
assert.strictEqual(exitCode, 12); |
|||
assert.strictEqual(signalCode, null); |
|||
})); |
|||
process.on('exit', function() { |
|||
assert.strictEqual(stdout, ''); |
|||
assert(/Error: --enable-ssl2 is no longer supported/.test(stderr)); |
|||
}); |
@ -0,0 +1,19 @@ |
|||
'use strict'; |
|||
|
|||
var common = require('../common'); |
|||
var assert = require('assert'); |
|||
|
|||
try { |
|||
var crypto = require('crypto'); |
|||
} catch (e) { |
|||
console.log('1..0 # Skipped: missing crypto'); |
|||
return; |
|||
} |
|||
|
|||
var methods = ['SSLv2_method', 'SSLv2_client_method', 'SSLv2_server_method']; |
|||
|
|||
methods.forEach(function(method) { |
|||
assert.throws(function() { |
|||
crypto.createCredentials({ secureProtocol: method }); |
|||
}, /SSLv2 methods disabled/); |
|||
}); |
Loading…
Reference in new issue