tls: provide default cipher list from command line

addaleax · addaleax · commit 1f9761f4cc02 · 2020-04-13T18:48:23.000+02:00
Avoid storing data that depends on command line options on internal bindings. This is generally a cleaner way of accessing CLI options. PR-URL: nodejs#32760 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com>
diff --git a/lib/crypto.js b/lib/crypto.js
@@ -25,6 +25,7 @@
 'use strict';
 
 const {
+  ObjectDefineProperty,
   ObjectDefineProperties,
 } = primordials;
 
@@ -224,6 +225,10 @@ function getFipsForced() {
   return 1;
 }
 
+ObjectDefineProperty(constants, 'defaultCipherList', {
+  value: getOptionValue('--tls-cipher-list')
+});
+
 ObjectDefineProperties(module.exports, {
   createCipher: {
     enumerable: false,
diff --git a/lib/tls.js b/lib/tls.js
@@ -56,8 +56,7 @@ const _tls_wrap = require('_tls_wrap');
 exports.CLIENT_RENEG_LIMIT = 3;
 exports.CLIENT_RENEG_WINDOW = 600;
 
-exports.DEFAULT_CIPHERS =
-    internalBinding('constants').crypto.defaultCipherList;
+exports.DEFAULT_CIPHERS = getOptionValue('--tls-cipher-list');
 
 exports.DEFAULT_ECDH_CURVE = 'auto';
 
diff --git a/src/node_constants.cc b/src/node_constants.cc
@@ -1072,12 +1072,6 @@ void DefineCryptoConstants(Local<Object> target) {
   NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_UNCOMPRESSED);
 
   NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_HYBRID);
-
-  NODE_DEFINE_STRING_CONSTANT(
-      target,
-      "defaultCipherList",
-      per_process::cli_options->tls_cipher_list.c_str());
-
 #endif
 }
 
diff --git a/test/parallel/test-tls-cipher-list.js b/test/parallel/test-tls-cipher-list.js
@@ -8,11 +8,11 @@ const assert = require('assert');
 const spawn = require('child_process').spawn;
 const defaultCoreList = require('crypto').constants.defaultCoreCipherList;
 
-function doCheck(arg, check) {
+function doCheck(arg, expression, check) {
   let out = '';
   arg = arg.concat([
     '-pe',
-    'require("crypto").constants.defaultCipherList'
+    expression
   ]);
   spawn(process.execPath, arg, {})
     .on('error', common.mustNotCall())
@@ -24,7 +24,9 @@ function doCheck(arg, check) {
 }
 
 // Test the default unmodified version
-doCheck([], defaultCoreList);
+doCheck([], 'crypto.constants.defaultCipherList', defaultCoreList);
+doCheck([], 'tls.DEFAULT_CIPHERS', defaultCoreList);
 
 // Test the command line switch by itself
-doCheck(['--tls-cipher-list=ABC'], 'ABC');
+doCheck(['--tls-cipher-list=ABC'], 'crypto.constants.defaultCipherList', 'ABC');
+doCheck(['--tls-cipher-list=ABC'], 'tls.DEFAULT_CIPHERS', 'ABC');
