This just replaces all sources of openssl-1.0.1u.tar.gz
into deps/openssl/openssl.
PR-URL: https://github.com/nodejs/node/pull/8718
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Myles Borins <mborins@us.ibm.com>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.
(cherry picked from commit 9f0f7c38e6df975dd39735d0e9ef968076369c74)
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25368
DES-CBC-SHA is LOW cipher and disabled by default and it is used in
tests of hornorcipherorder. They are changed as to
- use RC4-SHA instead of DES-CBC-SHA.
- add AES128-SHA to entries to keep the number of ciphers.
- remove tests for non-default cipher because only SEED and IDEA are
available in !RC4:!HIGH:ALL.
Fixes: https://github.com/nodejs/LTS/issues/85
PR-URL: https://github.com/nodejs/node/pull/5712
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This replaces all sources of openssl-1.0.1r.tar.gz into
deps/openssl/openssl
PR-URL: https://github.com/nodejs/node/pull/4967
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
PR-URL: https://github.com/nodejs/node/pull/4967
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
deps: separate sha256/sha512-x86_64.pl for openssl
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.
PR: #9451
PR-URL: https://github.com/joyent/node/pull/9451
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
deps: fix openssl assembly error on ia32 win32
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .
PR: #9451
PR-URL: https://github.com/joyent/node/pull/9451
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
openssl: fix keypress requirement in apps on win32
reapply b910613792
PR: #9451
PR-URL: https://github.com/joyent/node/pull/9451
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.
(cherry picked from commit 9f0f7c38e6df975dd39735d0e9ef968076369c74)
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25368
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows.
PR: #25654
PR-URL: https://github.com/joyent/node/pull/25654
Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
This just replaces all sources of openssl-1.0.1p.tar.gz
into deps/openssl/openssl.
PR: #25654
PR-URL: https://github.com/joyent/node/pull/25654
Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.
PR: #9451
PR-URL: https://github.com/joyent/node/pull/9451
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR: #25523
PR-URL: https://github.com/joyent/node/pull/25523
Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
Change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h.
PR: #25523
PR-URL: https://github.com/joyent/node/pull/25523
Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
This just replaces all sources of openssl-1.0.1o.tar.gz into
deps/openssl/openssl.
PR: #25523
PR-URL: https://github.com/joyent/node/pull/25523
Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.
PR: #9451
PR-URL: https://github.com/joyent/node/pull/9451
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h
PR: #9451
PR-URL: https://github.com/joyent/node/pull/9451
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
After much investigation it turns out that the affected servers are
buggy. user-service.condenastdigital.com:443 in particular seems to
reject large TLS handshake records. Cutting down the number of
advertised ciphers or disabling SNI fixes the issue.
Similarly, passing { secureOptions: constants.SSL_OP_NO_TLSv1_2 }
seems to fix most connection issues with IIS servers.
Having to work around buggy servers is annoying for our users but not
a reason to downgrade OpenSSL. Therefore, revert it.
This reverts commit 4fdb8acdae.
Several people have reported issues with IIS and Resin servers (or maybe
SSL terminators sitting in front of those servers) that are fixed by
downgrading OpenSSL. The AESNI performance improvements were nice but
stability is more important. Downgrade OpenSSL from 1.0.1e to 1.0.0f.
Fixes#5360 (and others).
Microsoft's IIS doesn't support it, and is not replying with ServerHello
after receiving ClientHello which contains it.
The good way might be allowing to opt-out this at runtime from
javascript-land, but unfortunately OpenSSL doesn't support it right now.
see #5119
Shigeki Ohtsu
Shigeki Ohtsu
Fedor Indutny
Ben Noordhuis
Andy Polyakov
James M Snell
Fedor Indutny
Andrei Sedoi