lukechilds/node - node - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Erik Dubbelboer	bb909ad642	tls: add ECDH ciphers support Switch test fixtures to 1024 bit keys.	11 years ago
Nathan Rajlich	5bda2bed37	doc: fix typos in the tls `NPNProtocols` option	11 years ago
Nathan Rajlich	afabdf0e15	doc: specify the format of the `ca` tls option	11 years ago
Fedor Indutny	af76b08666	tls: socket.renegotiate(options, callback) This utility function allows renegotiaion of secure connection after establishing it. fix #2496	12 years ago
Fedor Indutny	048e0e77e0	tls: asynchronous SNICallback Make ClientHelloParser handle SNI extension, and extend `_tls_wrap.js` to support loading SNI Context from both hello, and resumed session. fix #5967	12 years ago
Ben Noordhuis	0de5b831e2	doc: document tls.Server 'secureProtocol' option	12 years ago
Nathan Rajlich	ed5324687e	doc: fix bad markdown parsing in list	12 years ago
Fedor Indutny	07fbb43d78	tls: export TLSSocket	12 years ago
Ben Noordhuis	c1bf89df2e	doc: tls: ECDH ciphers are not supported	12 years ago
Fedor Indutny	212e9cd8c9	tls: session API returns	12 years ago
isaacs	0a4260c8c0	doc: Correct TLS deprecation notices	12 years ago
Fedor Indutny	af80e7bc6e	tls: introduce TLSSocket based on tls_wrap binding Split `tls.js` into `_tls_legacy.js`, containing legacy `createSecurePair` API, and `_tls_wrap.js` containing new code based on `tls_wrap` binding. Remove tests that are no longer useful/valid.	12 years ago
Daniel G. Taylor	30cb9fec91	tls: Add `secureProtocol` docs Add `secureProtocol` parameter docs to the tls.connect method.	12 years ago
Ben Noordhuis	d820b64412	tls: add localAddress and localPort properties Add localAddress and localPort properties to tls.CleartextStream. Like remoteAddress and localPort, delegate to the backing net.Socket object. Refs #5502.	12 years ago
Kyle Robinson Young	889fec3cc8	doc: typo fixes	12 years ago
Manav Rathi	d20576165a	tls: expose SSL_CTX_set_timeout via tls.createServer Add the `sessionTimeout` integral value to the list of options recognized by `tls.createServer`. This option will be useful for applications which need frequently establish short-lived TLS connections to the same endpoint. The TLS tickets RFC is an ideal option to reduce the socket setup overhead for such scenarios, but the default ticket timeout value (5 minutes) is too low to be useful.	12 years ago
Ben Noordhuis	cfd0dca9ae	crypto: make getCiphers() return non-SSL ciphers Commit `f53441a` added crypto.getCiphers() as a function that returns the names of SSL ciphers. Commit `14a6c4e` then added crypto.getHashes(), which returns the names of digest algorithms, but that creates a subtle inconsistency: the return values of crypto.getHashes() are valid arguments to crypto.createHash() but that is not true for crypto.getCiphers() - the returned values are only valid for SSL/TLS functions. Rectify that by adding tls.getCiphers() and making crypto.getCiphers() return proper cipher names.	12 years ago
Andy Burke	595b5974d7	Add bytesWritten to tls.CryptoStream This adds a proxy for bytesWritten to the tls.CryptoStream. This change makes the connection object more similar between HTTP and HTTPS requests in an effort to avoid confusion. See issue #4650 for more background information.	12 years ago
Fedor Indutny	82f1d340c1	tls: make slab buffer's size configurable see #4636	12 years ago
Ben Noordhuis	5b65638124	tls, https: add tls handshake timeout Don't allow connections to stall indefinitely if the SSL/TLS handshake does not complete. Adds a new tls.Server and https.Server configuration option, handshakeTimeout. Fixes #4355.	12 years ago
Ben Noordhuis	0ad005852c	https: fix renegotation attack protection Listen for the 'clientError' event that is emitted when a renegotation attack is detected and close the connection. Fixes test/pummel/test-https-ci-reneg-attack.js	12 years ago
Andreas Madsen	be5a8e24c2	doc: consistent use of the callback argument	12 years ago
Ben Noordhuis	35607f3a2d	tls, https: validate server certificate by default This commit changes the default value of the rejectUnauthorized option from false to true. What that means is that tls.connect(), https.get() and https.request() will reject invalid server certificates from now on, including self-signed certificates. There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED environment variable to the literal string "0", node.js reverts to its old behavior. Fixes #3949.	13 years ago
Fedor Indutny	8e0c830cd0	tls: async session storage	13 years ago
Ben Noordhuis	badbd1af27	tls: update default cipher list Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH in order to mitigate BEAST attacks. The documentation suggested AES256-SHA but unfortunately that's a CBC cipher and therefore susceptible to attacks. Fixes #3900.	13 years ago
Ben Kelly	c6185c8484	doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs.	13 years ago
ssuda	fb7348ae06	crypto: add PKCS12/PFX support Fixes #2845.	13 years ago
Shigeki Ohtsu	0d13142332	tcp: make getsockname() return address family as string	13 years ago
Shigeki Ohtsu	75face6139	doc: fix TLS cipher names	13 years ago
Shigeki Ohtsu	2cf5f040a5	doc: add cleartextStream.getCipher() in tls	13 years ago
isaacs	2d44dcc8be	doc: Add stability indicators to documentation	13 years ago
isaacs	7bfa5cf284	s/streams/stream/	13 years ago
isaacs	c0446edcc2	doc refactor: tls	13 years ago
Blake Miner	7343f8e776	tls: add `honorCipherOrder` option to tls.createServer() Documented how to mitigate BEAST attacks.	13 years ago
isaacs	f9df88c6da	s/streams/stream/	13 years ago
isaacs	c9b35b9923	doc refactor: tls	13 years ago
koichik	2f5e084147	docs: remove duplicate option of tls.connect()	13 years ago
Ben Noordhuis	23c4278e06	docs: fix tls markdown	13 years ago
Ben Noordhuis	3415427dbf	tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded.	13 years ago
koichik	ef50bd2e54	docs: removed unnecessary STARTTLS section	13 years ago
koichik	b19b8836c3	tls: Allow establishing secure connection on the existing socket	13 years ago
Ben Noordhuis	38eec57aef	docs: document tls/crypto `ciphers` option Hitherto undocumented option that lets the user select the list of ciphers to use or exclude in a SSL/TLS session.	13 years ago
koichik	c1a63a9e90	tls: Allow establishing secure connection on the existing socket This is necessary to use SSL over HTTP tunnels. Refs #2259, #2474. Fixes #2489.	13 years ago
Maciej Małecki	0321adbcf4	tls doc: update docs to reflect API change Refs #1983.	13 years ago
koichik	57653added	docs: small changes.	13 years ago
koichik	07c27e040e	tls: Fix node swallows openssl error on request Fixes #2308. Fixes #2246.	13 years ago
koichik	f8c335d0ca	tls: enable rejectUnauthorized option to client Fiexes #2247.	13 years ago
kyle@dontkry.com	34f34e4411	docs: fix typo Fixes #2193.	13 years ago
koichik	f53d092a2a	tls, https: add passphrase option Fixes #1925.	13 years ago
koichik	cbcaeedba9	tls: add address(), remoteAddress/remotePort Fixes #758. Fixes #1055.	13 years ago

1 2

79 Commits (b3e4fc6a48b97b52bd19de43c76b7082dcab4988)