getCipher() actually includes the protocol version that the cipher was
first supported and *not* the negotiated protocol of the current
connection.
PR-URL: https://github.com/nodejs/node/pull/4995
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit adds a new method for TLS sockets that returns the
negotiated protocol version.
PR-URL: https://github.com/nodejs/node/pull/4995
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Provide links for functions where needed and fix function links style.
PR-URL: https://github.com/nodejs/node/pull/5000
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Roman Klauke <romaaan.git@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This changes the code blocks from 4-space indentation to ``` fences for
better syntax highlighting and future linting support. Minor On-the-fly
changes for typos and highlight breaking markdown have been made.
JSON-Style objects have been changed so their closing bracket is
on the same line as the opening one.
Known issues:
* Not every JSON / object notation has been improved. Should
make another run for this.
* Some example functions break hightlighting due to various
combinations of brackets. However changing them means leaving
the code style.
Fixes: https://github.com/nodejs/node/issues/4726
PR-URL: https://github.com/nodejs/node/pull/4733
Reviewed-By: Roman Reiss <me@silverwind.io>
`clientError` will have `http.Server`-specific behavior, and we don't
want to shadow it in `tls.Server`.
PR-URL: https://github.com/nodejs/node/pull/4557
Reviewed-By: Brian White <mscdex@mscdex.net>
* Use single quotes consistently
* Modernize examples to use template strings and arrow funcs
* Fix a few typos
* Example edits for consistency
PR-URL: https://github.com/nodejs/node/pull/4282
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Add `secureContext` option to `tls.connect`. It is useful for caching
client certificates, key, and CA certificates.
PR-URL: https://github.com/nodejs/node/pull/4246
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/4054
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
* add backticks around names
* add single quotes around event names
* add parenthesis after function names
* add internal links between different sections
* add external links to MDN for some JavaScript references
* sort the link definitions alphabetically
PR-URL: https://github.com/nodejs/node/pull/4054
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
FIPS 140-2 disallows use of MD5, which is used to derive the
default sessionIdContext for tls.createServer().
PR-URL: https://github.com/nodejs/node/pull/3866
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
FIPS 140-2 disallows use of MD5, which is used to derive the
default sessionIdContext for tls.createServer().
PR-URL: https://github.com/nodejs/node/pull/3755
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Moved all the URLs in API docs to the bottom of the files as
reference-style links.
PR-URL: https://github.com/nodejs/node/pull/3845
Reviewed-By: James M Snell <jasnell@gmail.com>
Reorders, with no contextual changes, the tls documentation
alphabetically.
PR-URL: https://github.com/nodejs/node/pull/3662
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
ALPN is added to tls according to RFC7301, which supersedes NPN.
When the server receives both NPN and ALPN extensions from the client,
ALPN takes precedence over NPN and the server does not send NPN
extension to the client. alpnProtocol in TLSSocket always returns
false when no selected protocol exists by ALPN.
In https server, http/1.1 token is always set when no
options.ALPNProtocols exists.
PR-URL: https://github.com/nodejs/node/pull/2564
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Upon creating a TLSSocket object, set the default isServer option to false
Updated tls docs and added test-tls-socket-default-options
PR-URL: https://github.com/nodejs/node/pull/2614
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Helps in implementation of #6204, where some options passed to
`createSecurePair()` are ignored before this patch.
These options are very helpful if someone wants to pass
`options.servername` or `options.SNICallback` to securepair.
PR-URL: https://github.com/nodejs/node/pull/2441
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Add a new option to specifiy a minimum size of an ephemeral DH
parameter to accept a tls connection. Default is 1024 bit.
PR-URL: https://github.com/nodejs/node/pull/1831
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Returns an object representing a type, name and size of an ephemeral
key exchange in a client connection. Currently only DHE and ECHE are
supported.
This api only works on on a client connection. When it is called on a
server connection, null is returned. When its key exchange is not
ephemeral, an empty object is returned.
PR-URL: https://github.com/nodejs/node/pull/1831
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Markdown requires 4-space indent to correctly format code blocks. This
fixes the example so it's correctly presented as code.
PR-URL: https://github.com/nodejs/node/pull/3372
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
The deprecation messages in the documentations should be in the format
Stability: 0 - Deprecated: Use [alternate] instead.
so that they will be consistent.
PR-URL: https://github.com/nodejs/node/pull/2450
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit replaces instances of io.js with Node.js, based on the
recent convergence. There are some remaining instances of io.js,
related to build and the installer.
Fixes: https://github.com/nodejs/node/issues/2361
PR-URL: https://github.com/nodejs/node/pull/2367
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: João Reis <reis@janeasystems.com>
This adds a new `--tls-cipher-list` command line switch
that can be used to override the built-in default cipher
list. The intent of this is to make it possible to enforce
an alternative default cipher list at the process level.
Overriding the default cipher list is still permitted at
the application level by changing the value of
`require('tls').DEFAULT_CIPHERS`.
As part of the change, the built in default list is moved
out of tls.js and into node_constants.h and node_constants.cc.
Two new constants are added to require('constants'):
* defaultCipherList (the active default cipher list)
* defaultCoreCipherList (the built-in default cipher list)
A test case and doc changes are included.
A new NODE_DEFINE_STRING_CONSTANT macro is also created in
node_internals.h
When node_constants is initialized, it will pick up either
the passed in command line switch or fallback to the default
built-in suite.
Within joyent/node, this change had originaly been wrapped
up with a number of other related commits involving the
removal of the RC4 cipher. This breaks out this isolated
change.
/cc @mhdawson, @misterdjules, @trevnorris, @indutny, @rvagg
Reviewed By: Ben Noordhuis <ben@strongloop.com>
PR-URL: https://github.com/nodejs/node/pull/2412
This adds references to the newly available crypto.getCurves method
where appropriate.
PR-URL: https://github.com/nodejs/io.js/pull/1918
Reviewed-By: Brian White <mscdex@mscdex.net>
Added instructions on how to get the elliptic curves supported by the
OpenSSL installation in the crypto.createECDH() constructor. Also made
a few minor grammar fixes within the same paragraph.
PR-URL: https://github.com/nodejs/io.js/pull/1913
Reviewed-By: Roman Reiss <me@silverwind.io>
DHE key lengths less than 1024bits is already weaken as pointed out in
https://weakdh.org/ . 1024bits will not be safe in near future. We
will extend this up to 2048bits somedays later.
PR-URL: https://github.com/nodejs/io.js/pull/1739
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
AES-GCM or CHACHA20_POLY1305 ciphers must be used in current version of
Chrome to avoid an 'obsolete cryptography' warning.
Prefer 128 bit AES over 192 and 256 bit AES considering attacks that
specifically affect the larger key sizes but do not affect AES 128.
PR-URL: https://github.com/iojs/io.js/pull/1660
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Roman Reiss <me@silverwind.io>
This simplifies the stability index to 4 levels:
0 - deprecated
1 - experimental / feature-flagged
2 - stable
3 - locked
Domains has been downgraded to deprecated, assert has been
downgraded to stable. Timers and Module remain locked. All
other APIs are now stable.
PR-URL: https://github.com/iojs/io.js/pull/943
Fixes: https://github.com/iojs/io.js/issues/930
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
This option has been there for a long time, but has never been
documented. It's functionally identical to the server counterpart.
PR-URL: https://github.com/iojs/io.js/pull/845
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This updates the default cipher suite to an more secure list, which
prefers strong ciphers with Forward Secrecy. Additionally, it enables
`honorCipherOrder` by default.
Noteable effect of this change is that the insecure RC4 ciphers are
disabled and that Chrome negotiates a more secure ECDHE cipher.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/826
SSLv2 has been deprecated and known broken for nearly twenty years now.
I made SSLv2 support opt-in well over a year ago in commit 39aa894 and
now this commit removes it entirely.
PR-URL: https://github.com/iojs/io.js/pull/290
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
This commit fixes a few grammar issues located
within the doc files for timers and tls.
They primarily include incorrect use of a / an
and a single insertion of a comma.
same as [this PR](https://github.com/joyent/node/pull/8581)
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/76