isaacs
0cdf85e28d
Lint all the JavaScripts.
13 years ago
Ben Noordhuis
3415427dbf
tls: mitigate session renegotiation attacks
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.
To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
13 years ago
koichik
b19b8836c3
tls: Allow establishing secure connection on the existing socket
13 years ago
Ben Noordhuis
e806ad39d0
net, tls, http: remove socket.ondrain
Replace the ondrain hack with a regular 'drain' listener. Speeds up the
bytes/1024 http benchmark by about 1.2%.
13 years ago
koichik
534df2f8d2
tls: fix double 'error' events on HTTPS Requests
Fixes #2549.
13 years ago
koichik
c1a63a9e90
tls: Allow establishing secure connection on the existing socket
This is necessary to use SSL over HTTP tunnels.
Refs #2259, #2474.
Fixes #2489.
13 years ago
Maciej Małecki
4b4d059791
tls: make `tls.connect` accept port and host in `options`
Previous API used form:
tls.connect(443, "google.com", options, ...)
now it's replaced with:
tls.connect({port: 443, host: "google.com", ...}, ...)
It simplifies argument parsing in `tls.connect` and makes the API
consistent with other parts.
Fixes #1983.
13 years ago
koichik
b962ff35dd
tls: fix test-https-client-reject fails
Fixes #2417.
13 years ago
koichik
07c27e040e
tls: Fix node swallows openssl error on request
Fixes #2308.
Fixes #2246.
13 years ago
Ben Noordhuis
7a7f1062bf
tls: remove duplicate assignment
13 years ago
koichik
f8c335d0ca
tls: enable rejectUnauthorized option to client
Fixes #2247.
13 years ago
koichik
5451ba3aa8
tls: fix https with fs.openReadStream hangs
Fixes #2185.
Fixes #2198.
13 years ago
Ben Noordhuis
5e3b0095de
tls: make cipher list configurable
options.ciphers existed but didn't work, the cipher list was effectively
hard-coded to RC4-SHA:AES128-SHA:AES256-SHA.
Fixes #2066.
13 years ago
koichik
f53d092a2a
tls, https: add passphrase option
Fixes #1925.
13 years ago
koichik
cbcaeedba9
tls: add address(), remoteAddress/remotePort
Fixes #758.
Fixes #1055.
13 years ago
koichik
0e8a55d2a2
tls: does not emit 'end' from EncryptedStream
de09168 and 4cdf9d4 breaks `test/pummel/test-https-large-response.js`.
It is never finished.
Fixes #1936.
13 years ago
Ryan Dahl
de09168e5a
Emit 'end' from crypto streams on close
Fixes test/simple/test-tls-peer-certificate.js on Windows
Patch from bnoordhuis.
See also 75a0cf970f
13 years ago
koichik
68cc173c6d
tls: The TLS API is inconsistent with the TCP API
Add 'secureConnect' event to tls.CleartextStream.
Fixes #1467.
13 years ago
koichik
19a855382c
tls: requestCert unusable with Firefox and Chrome
Fixes #1516.
14 years ago
koichik
4cdf9d4158
tls: Improve TLS flow control
Fixes #1775.
13 years ago
Ben Noordhuis
243c218c7a
tls: remove superfluous setOptions() call
14 years ago
Sean Cunningham
eb99083d0b
tls: add client-side session resumption support
14 years ago
koichik
6f60683802
tls: x509 certificate subject parsing fail
Fixes #1568.
14 years ago
Fedor Indutny
942f8b5afb
Add NPN and SNI documentation.
Fixes #1420.
Fixes #1426.
14 years ago
Fedor Indutny
9010f5fbab
Add support for TLS SNI
Fixes #1411
14 years ago
Robert Mustacchi
de0b8d601c
jslint cleanup: path.js, readline.js, repl.js, tls.js, tty_win32.js, url.js
14 years ago
Stefan Rusu
901ebed8ff
Fixes #1304. The Connection instance may be destroyed by abort() when process.nextTick is executed.
14 years ago
Ryan Dahl
9c7f89bf56
CryptoStream.prototype.readyState shouldn't reference fd
Fixes #1069
14 years ago
Fedor Indutny
21724ecaec
Share SSL context between server connections
Fixes #1073.
14 years ago
Felix Geisendörfer
1fde5f51b4
Make https 'timeout' events bubble up
Also adds a test case for it.
14 years ago
Ryan Dahl
55bff5bab9
TLS: simplify logic
14 years ago
Ryan Dahl
75a0cf970f
cleartextstream.destroy() should destroy socket.
This fixes a critical bug seen in MJR's production. Very difficult to build a
test case. Sometimes HTTPS server gets sockets that are hanging in a
half-duplex state.
14 years ago
Fedor Indutny
c9b40da368
OpenSSL NPN in node.js
closes #926.
14 years ago
Ryan Dahl
bb621f7c2e
CryptoStream.write returns false when queue > 128kb
Previously the return value of write was dependent on if it was paused or
not which was causing a strange error demoed in the previous commit.
Fixes #892
14 years ago
Ryan Dahl
050bbf0bc4
TLS use RC4-SHA by default
14 years ago
Theo Schlossnagle
d6f5b8a2a6
allow setting of ciphers in credentials
fixes #873
14 years ago
Theo Schlossnagle
2a88dd3bc1
TLS: Add secureOptions flag
Also, secureOptions flag was added (and passed through) and allows
the context to have all supported SSL_OP_* set via createCredentials.
All SSL_OP_ flags (outside of ALL) have been added to constants.
14 years ago
Theo Schlossnagle
d0e84b0088
Pass secureProtocol through on tls.Server creation
The secureProtocol option to building the SSL context was not being properly
passed through in the credentials in the tls code. This is fixed.
14 years ago
Ryan Dahl
c0b461d9a1
Increase TLS pool size for perf increase
14 years ago
Ryan Dahl
7e28630f5e
Fix GH-820. CryptoStream.end shouldn't throw if not writable
This matches the behavior of net.Socket
14 years ago
Ryan Dahl
55048cdf79
Update copyright headers
14 years ago
Theo Schlossnagle
e3925b741c
TLS: Finer locks on _cycle.
Data being sent out of order.
14 years ago
Ryan Dahl
62f06fb885
CryptoStream.prototype.destroySoon shouldn't die if not writable
14 years ago
Ryan Dahl
a2f498a5ef
Revert "Add extra debug print statement to tls.js"
This reverts commit 340291c085.
sometimes circular. would break node_g tests.
14 years ago
Ryan Dahl
340291c085
Add extra debug print statement to tls.js
14 years ago
Ryan Dahl
ab144f4843
Add TODO item
14 years ago
Ryan Dahl
c2a62951f6
TLS sockets should not be writable after 'end'
Closes GH-694.
14 years ago
Ryan Dahl
19b4c27ebf
TLS: Make _cycle reentrant.
14 years ago
Ryan Dahl
c365f56061
https was missing 'end' event sometimes
Closes GH-671.
14 years ago
Theo Schlossnagle
01a864a29d
TLS: CRL support
Needs more tests.
14 years ago