This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
tls: added ECDH ciphers support #5854
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -205,6 +205,7 @@ void SecureContext::Initialize(Environment* env, Handle<Object> target) { | |
| NODE_SET_PROTOTYPE_METHOD(t, "addCRL", SecureContext::AddCRL); | ||
| NODE_SET_PROTOTYPE_METHOD(t, "addRootCerts", SecureContext::AddRootCerts); | ||
| NODE_SET_PROTOTYPE_METHOD(t, "setCiphers", SecureContext::SetCiphers); | ||
| NODE_SET_PROTOTYPE_METHOD(t, "setECDHCurve", SecureContext::SetECDHCurve); | ||
| NODE_SET_PROTOTYPE_METHOD(t, "setOptions", SecureContext::SetOptions); | ||
| NODE_SET_PROTOTYPE_METHOD(t, "setSessionIdContext", | ||
| SecureContext::SetSessionIdContext); | ||
|
|
@@ -590,6 +591,33 @@ void SecureContext::SetCiphers(const FunctionCallbackInfo<Value>& args) { | |
| } | ||
|
|
||
|
|
||
| void SecureContext::SetECDHCurve(const FunctionCallbackInfo<Value>& args) { | ||
| HandleScope scope(node_isolate); | ||
|
|
||
| SecureContext* sc = WeakObject::Unwrap<SecureContext>(args.This()); | ||
|
|
||
| if (args.Length() != 1 || !args[0]->IsString()) | ||
|
There was a problem hiding this comment. A similar issue #4317 supports multiple curves being defined here, is that an interesting feature that should be had? There was a problem hiding this comment. I'm wondering if what this pull request does really works. It seems to generate a fixed key for each curve and then uses these for each request. My understanding was that for forward security this key needs to be newly generated for each request. I could be wrong on this and the documentation on |
||
| return ThrowTypeError("First argument should be a string"); | ||
|
|
||
| String::Utf8Value curve(args[0]); | ||
|
|
||
| int nid = OBJ_sn2nid(*curve); | ||
|
|
||
| if (nid == NID_undef) | ||
| return ThrowTypeError("First argument should be a valid curve name"); | ||
|
|
||
| EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid); | ||
|
|
||
| if (!ecdh) | ||
| return ThrowTypeError("First argument should be a valid curve name"); | ||
|
|
||
| SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE); | ||
| SSL_CTX_set_tmp_ecdh(sc->ctx_, ecdh); | ||
|
|
||
| EC_KEY_free(ecdh); | ||
| } | ||
|
|
||
|
|
||
| void SecureContext::SetOptions(const FunctionCallbackInfo<Value>& args) { | ||
| HandleScope scope(node_isolate); | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,16 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICbjCCAdcCCQCahKvPuKcqtTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV | ||
| UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO | ||
| BgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMTEgMB4GCSqGSIb3DQEJARYRcnlA | ||
| dGlueWNsb3Vkcy5vcmcwHhcNMTMwODAxMTExODU5WhcNNDAxMjE2MTExODU5WjB9 | ||
| MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQK | ||
| EwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MTEgMB4G | ||
| CSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD | ||
| gY0AMIGJAoGBAMNQTWAcktNJlmpEbu0xKJzjpI0MJfWZauUg5GXD6/CXRGOEQ/Im | ||
| uqG7Ar23LrFK/y2goHCF+/ffJKaFzJ4iuv2nAlly/HTriQJUtP/dxacfqrC5A1GH | ||
| EYAA/S1VShPUtpljADZWyEemWBzZacC2SQ5cChkXTmqJ9t3wYBSw/guHAgMBAAEw | ||
| DQYJKoZIhvcNAQEFBQADgYEAbuPFhXlMbdYX0XpcPiiRamvO2Qha2GEBRSfqg1Qe | ||
| fZo5oRXlOd+QVh4O8A3AFY06ERKE72Ho01B+KM2MwpJk0izQhmC4a0pks0jrBuyW | ||
| dGoVczyK8eCtbw3Y2uiALV+60EidhCbOqml+3kIDVF0cXkCYi5FVbHRTls7wL0gR | ||
| Fe0= | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,13 @@ | ||
| -----BEGIN CERTIFICATE REQUEST----- | ||
| MIIB4jCCAUsCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH | ||
| EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD | ||
| EwZhZ2VudDExIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIGfMA0G | ||
| CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDUE1gHJLTSZZqRG7tMSic46SNDCX1mWrl | ||
| IORlw+vwl0RjhEPyJrqhuwK9ty6xSv8toKBwhfv33ySmhcyeIrr9pwJZcvx064kC | ||
| VLT/3cWnH6qwuQNRhxGAAP0tVUoT1LaZYwA2VshHplgc2WnAtkkOXAoZF05qifbd | ||
| 8GAUsP4LhwIDAQABoCUwIwYJKoZIhvcNAQkHMRYTFEEgY2hhbGxlbmdlIHBhc3N3 | ||
| b3JkMA0GCSqGSIb3DQEBBQUAA4GBAFRwfX09wCEqB5fOGTLSAQqK7/Tm47t8TcFy | ||
| PsCoHcYSHCSSthknJgdnK9nQaVVVqVpDRgmUFmcWC27JOAFQLt79FqOYNLGrmvR/ | ||
| ZaRbz3BBi4TBHClalnyBBzaYJJQz16qbT4j48TmzRQvBGR/gT2FpPoLVDWKU+U6E | ||
| oU6hMCpb | ||
| -----END CERTIFICATE REQUEST----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,15 @@ | ||
| -----BEGIN RSA PRIVATE KEY----- | ||
| MIICXAIBAAKBgQDDUE1gHJLTSZZqRG7tMSic46SNDCX1mWrlIORlw+vwl0RjhEPy | ||
| JrqhuwK9ty6xSv8toKBwhfv33ySmhcyeIrr9pwJZcvx064kCVLT/3cWnH6qwuQNR | ||
| hxGAAP0tVUoT1LaZYwA2VshHplgc2WnAtkkOXAoZF05qifbd8GAUsP4LhwIDAQAB | ||
| AoGAJI+nrFIs+fhQe9wLl8MYAyZp6y1W/b6WUAX0O0iNph/q4WYlAfNWBGhpfvIH | ||
| f5C2a+ghoG60WBYhWjq5rvB5aCX/DchIATuaVHgaWcBf7y9NXnWDH9JMtDOTaVI6 | ||
| s7inJwjqIJAHbloa82NGuwz/EN4Ncng6wTmf1gbF6UtOqGECQQD15UNAtpRqpGPz | ||
| xPAZwT3TkY4gYLlZvqn21r/92P5XVbTJXyBTo9pwY4F7o/pNZAQcq3sPUrZW7T4X | ||
| t8nPT4RrAkEAy1bvewVS3U10V8ffzCl7F5WiaTEMa39F4e0QqBKOXdnDS2T1FJZl | ||
| VSVSXiVMd4qFQf4IVgBZCwihS1hpPSo8VQJBAL7vpBY27+4S8k4SaUIGbITBLHR1 | ||
| xtcqFv5F6NUrTuvv8C7Bf++Sdwb4LU4dmTnI5OyCN09Bsba0B5gRLVKd8zsCQAu4 | ||
| AetEHkd0zEy2zzYT+e0dCZQoaH/VgPCJWhlloGDWSQQSWHGMTWC/2uRkH+kPyahI | ||
| /LAAKyGQqMMP4FjPE1UCQAyPkF3dJy+KRZSQ2rz0bpBVGoUV31hl+SvMigCy0yUy | ||
| QwvJxgN14LQJP+pCcuJGaSdiPsOjxqhPX7KMg3SiSlA= | ||
| -----END RSA PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,16 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICcTCCAdoCCQDTgzSLdDTF0TANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJV | ||
| UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO | ||
| BgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MjEgMB4GCSqGSIb3DQEJARYR | ||
| cnlAdGlueWNsb3Vkcy5vcmcwHhcNMTMwODAxMTExOTAwWhcNNDAxMjE2MTExOTAw | ||
| WjB9MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYD | ||
| VQQKEwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MjEg | ||
| MB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEB | ||
| BQADgY0AMIGJAoGBAKGYRnu2BdY2R8flqKPLICWO/7NoRVGH4KZBY1uBF/VYXyA2 | ||
| VT5O7461mt6oA372BItGyNxdbMEvQBRcLiXTueKF5D+KYu30bWem6A/AxxYvnqU4 | ||
| tP+uhsXNuGNQTp8i0vBDM/nUx7QGeP1Kda6C936PCNt7wbGPKPNyACNMbnptAgMB | ||
| AAEwDQYJKoZIhvcNAQEFBQADgYEATzjDAPocPA2Jm8wrLBW+fOC478wMo9gT3Y3N | ||
| ZU6fnF2dEPFLNETCMtDxnKhi4hnBpaiZ0fu0oaR1cSDRIVtlyW4azNjny4495C0F | ||
| JLuP5P5pz+rJe+ImKw+mO1ARA9fUAL3VN6/kVXY/EspwWJcLbJ5jdsDmkRbV52hX | ||
| Th4jkAI= | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,13 @@ | ||
| -----BEGIN CERTIFICATE REQUEST----- | ||
| MIIB4jCCAUsCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH | ||
| EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD | ||
| EwZhZ2VudDIxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIGfMA0G | ||
| CSqGSIb3DQEBAQUAA4GNADCBiQKBgQChmEZ7tgXWNkfH5aijyyAljv+zaEVRh+Cm | ||
| QWNbgRf1WF8gNlU+Tu+OtZreqAN+9gSLRsjcXWzBL0AUXC4l07niheQ/imLt9G1n | ||
| pugPwMcWL56lOLT/robFzbhjUE6fItLwQzP51Me0Bnj9SnWugvd+jwjbe8Gxjyjz | ||
| cgAjTG56bQIDAQABoCUwIwYJKoZIhvcNAQkHMRYTFEEgY2hhbGxlbmdlIHBhc3N3 | ||
| b3JkMA0GCSqGSIb3DQEBBQUAA4GBAEBfLsByEqL79HRr4QwPTARMW51ohh29kCUU | ||
| OunEyxM8Ti3lBPGOePXLBGjq6e/eLmoOfKsOXKjE+Z3Rpj2L0IKJgpBBcvD2BCyM | ||
| 920PdvIHHgWXGSGiDGL/nMbX3SZrYNP/ERawg/Tzqh4QorPj91RKYez9NNLoOncm | ||
| Ug1MI/t9 | ||
| -----END CERTIFICATE REQUEST----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,15 @@ | ||
| -----BEGIN RSA PRIVATE KEY----- | ||
| MIICXQIBAAKBgQChmEZ7tgXWNkfH5aijyyAljv+zaEVRh+CmQWNbgRf1WF8gNlU+ | ||
| Tu+OtZreqAN+9gSLRsjcXWzBL0AUXC4l07niheQ/imLt9G1npugPwMcWL56lOLT/ | ||
| robFzbhjUE6fItLwQzP51Me0Bnj9SnWugvd+jwjbe8GxjyjzcgAjTG56bQIDAQAB | ||
| AoGAd19C6g5731N30T5hRqY+GCC72a90TZc/p/Fz0Vva8/4VP3mDnSS4qMaVIlgh | ||
| RP++OZjPtqI5PbiG8MNrv7vZe0UXlV7oZE0IA+jomUXsplbwMFf6pkrqdyHi+cbm | ||
| rBudhmKeLUgNA6peMGVA83C5g2SMqU5kB+tWzZT7Rs9rsyECQQDWpXxZgULqbFZv | ||
| wjpIDGWjOpQZrv123bJ9TQ+VoskCu4vlyDJqDJPwnscl8NnzpFJriDARn0WrB2sd | ||
| 8GCX1yEpAkEAwLo/MYG5elkNRsE5/vINSIo04Gu6tP/Sd7EBtHYAPHUPjs/MhhVX | ||
| tMIGtACheHMwjGRPyr8pboEp2LEap4GjpQJBALNsy+CJ0+TfwPVU96EIc+GZcvlx | ||
| NMErGyvwwclEtSDKo2vmCHZrozLtlu1ZQueOgbMPuZbRe8w2vEzfhe8HTtkCQAYy | ||
| NrPlwsvPLyEWN0IeEBVD9D0+2WrWSrL0auSdYpaPAOgLgDzTVNWH42VIG+jeczIg | ||
| S3xuNuvJlUnVL9Ew1s0CQQCly+gduXtvOYip1/Stm/65kT7d8ICQgjh0XSPw/kUC | ||
| llVMQY3z1iFCaj/z0Csr0t0kJ534bH7GP3LOoNruV0p9 | ||
| -----END RSA PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,16 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICbjCCAdcCCQDuvizlIRoS9jANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV | ||
| UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQKEwZKb3llbnQxEDAO | ||
| BgNVBAsTB05vZGUuanMxDDAKBgNVBAMTA2NhMjEgMB4GCSqGSIb3DQEJARYRcnlA | ||
| dGlueWNsb3Vkcy5vcmcwHhcNMTMwODAxMTExOTAwWhcNNDAxMjE2MTExOTAwWjB9 | ||
| MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMQ8wDQYDVQQK | ||
| EwZKb3llbnQxEDAOBgNVBAsTB05vZGUuanMxDzANBgNVBAMTBmFnZW50MzEgMB4G | ||
| CSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD | ||
| gY0AMIGJAoGBAM8KaJS9K/7LKuV1c8Jsliy9o3ubBGHGguBLmtHLgsAhsvbB/lE7 | ||
| cuxbBXPHLgegopcOrbsp4EuHURcN2WAkGcXpBIE5msYOxmImy2FifuUi0Vj4b2Ey | ||
| cpmkADXZrAOygwPw3WH16wNlR/vsL1GFubQ6EIdK4gv9fhBBdMFKm7LRAgMBAAEw | ||
| DQYJKoZIhvcNAQEFBQADgYEAQJHyY0ghxICN5uu8GC9YRygzhiW/6xwKiHTQf9gH | ||
| pET7LrJZhWmAFh19z9CEgvyWe7RQ8SfjHJX3fFZPNIO3OPYWuY+kr6wudBXrcnAj | ||
| XLOj050lMSv3KVWI/TerEDPX1nR+rA2xzp73iJ/SC77Q02JZcVysoBB056nuHp38 | ||
| WNI= | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,13 @@ | ||
| -----BEGIN CERTIFICATE REQUEST----- | ||
| MIIB4jCCAUsCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH | ||
| EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD | ||
| EwZhZ2VudDMxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIGfMA0G | ||
| CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPCmiUvSv+yyrldXPCbJYsvaN7mwRhxoLg | ||
| S5rRy4LAIbL2wf5RO3LsWwVzxy4HoKKXDq27KeBLh1EXDdlgJBnF6QSBOZrGDsZi | ||
| JsthYn7lItFY+G9hMnKZpAA12awDsoMD8N1h9esDZUf77C9Rhbm0OhCHSuIL/X4Q | ||
| QXTBSpuy0QIDAQABoCUwIwYJKoZIhvcNAQkHMRYTFEEgY2hhbGxlbmdlIHBhc3N3 | ||
| b3JkMA0GCSqGSIb3DQEBBQUAA4GBAKcTs/vSdImZFlC0sBzFjqofQJI8uDZrOhkh | ||
| Stv3k0TmlRB51zSFlOmb0ReZa3JyUzOkpvx1nIl6HeZ1lZFZhAr2WCib31H7iJF/ | ||
| rbUpCjqQ9gBXSaXxQ6QkJSIEjM+QRiDiRQ7Uphq5qsa9uzGTJI9Jv/Ej8h2pYfRD | ||
| eDO3k0+c | ||
| -----END CERTIFICATE REQUEST----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,15 @@ | ||
| -----BEGIN RSA PRIVATE KEY----- | ||
| MIICXQIBAAKBgQDPCmiUvSv+yyrldXPCbJYsvaN7mwRhxoLgS5rRy4LAIbL2wf5R | ||
| O3LsWwVzxy4HoKKXDq27KeBLh1EXDdlgJBnF6QSBOZrGDsZiJsthYn7lItFY+G9h | ||
| MnKZpAA12awDsoMD8N1h9esDZUf77C9Rhbm0OhCHSuIL/X4QQXTBSpuy0QIDAQAB | ||
| AoGBALlX+wl0VCdTX8Jso8WgicvhtLGZs5GIMW9zn1RCmHlBccG/Jtk3nAkE7tuX | ||
| qpg/cG5EQLi1o0paB/jYeAm+J6bMypiXNeakjW8McD55XJuqmotgbZ+IhZQzr0TF | ||
| h7zDBhhzLqIuIAjsQ0H8JFR+p3vrruchCZeQ6jxE05CeSZ/VAkEA8tyL+UvEozCh | ||
| QmokAshXLhZkFn24Ss9//xQ3iu6EE+ZIQyKy87msZhD4/rJ4GO+U1dzG7yQNeym2 | ||
| S+yHSzDUjwJBANo9xPCWBGYFbwZ/GWuwwV6nBjx35//3oEKg4PW11KSHm4cFRWV4 | ||
| JCO0q1sJEQCgzFGvNAwP63/onMJT3y1gcp8CQEgKA7s/LmT519vLgEMTCkkxex7w | ||
| y+nlAyK27ILZnXQJqwW/FTYWrXzZLALhDZ7X8l49zwTAvP77sId08ezr3yECQQCV | ||
| Cvw1Ze5pEirpn+Fnd1YH4z9SCn1phN5wwlf/1gb7uhTQGBx1mJ/ttpQT3tQ6vpXq | ||
| 7yE3X6PwPZbY69iNr8F3AkBbymGXgt66Lv7gdea0UlRFjEWhuP2OC0WOtg4entvZ | ||
| 1KHxsgMNIrYoPjvPq/3ReCZapnKpQfMuR564BCOY4bnX | ||
| -----END RSA PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,16 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICjDCCAfWgAwIBAgIJAO6+LOUhGhL3MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV | ||
| BAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzANBgNVBAoTBkpveWVu | ||
| dDEQMA4GA1UECxMHTm9kZS5qczEMMAoGA1UEAxMDY2EyMSAwHgYJKoZIhvcNAQkB | ||
| FhFyeUB0aW55Y2xvdWRzLm9yZzAeFw0xMzA4MDExMTE5MDFaFw00MDEyMTYxMTE5 | ||
| MDFaMH0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0YxDzAN | ||
| BgNVBAoTBkpveWVudDEQMA4GA1UECxMHTm9kZS5qczEPMA0GA1UEAxMGYWdlbnQ0 | ||
| MSAwHgYJKoZIhvcNAQkBFhFyeUB0aW55Y2xvdWRzLm9yZzCBnzANBgkqhkiG9w0B | ||
| AQEFAAOBjQAwgYkCgYEAmRNV3/oxV+YEXxo0wXHbA45gm4SyPhxlxi0ZXd4Xasmu | ||
| D2u4G57LV3uuEQ7fT34OhiOm1zr/Mv5IE8d3d0upRjpFUru45zxKg4nbqO1e07jM | ||
| 2Yq5awwfk8BZpo7BEYVZ6SOiJO+tq/RFCPoTtjagwsDgUqHw9W7oVxXWeU0NmmMC | ||
| AwEAAaMXMBUwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEA | ||
| Ll7QpD8qb6+BshGdca+SBV6lGhQBDYV6BIwU7V6LIsMkyoSLXVO59sdahtLMI9zv | ||
| pIE3IIVztY5/kBLYQxIfR+a1lL4/jraHrZp3mRTyh0nzgT567k+EeD2Q4UG+eDkM | ||
| hcEXm5jGqOm/sMC1Jx/JUIeI3RF2TuV5OhR5Y94tMjM= | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,13 @@ | ||
| -----BEGIN CERTIFICATE REQUEST----- | ||
| MIIB4jCCAUsCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH | ||
| EwJTRjEPMA0GA1UEChMGSm95ZW50MRAwDgYDVQQLEwdOb2RlLmpzMQ8wDQYDVQQD | ||
| EwZhZ2VudDQxIDAeBgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMIGfMA0G | ||
| CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZE1Xf+jFX5gRfGjTBcdsDjmCbhLI+HGXG | ||
| LRld3hdqya4Pa7gbnstXe64RDt9Pfg6GI6bXOv8y/kgTx3d3S6lGOkVSu7jnPEqD | ||
| iduo7V7TuMzZirlrDB+TwFmmjsERhVnpI6Ik762r9EUI+hO2NqDCwOBSofD1buhX | ||
| FdZ5TQ2aYwIDAQABoCUwIwYJKoZIhvcNAQkHMRYTFEEgY2hhbGxlbmdlIHBhc3N3 | ||
| b3JkMA0GCSqGSIb3DQEBBQUAA4GBAG9Jbj7/DGM14TC4kT9BbCF624Tgyo7LdZVa | ||
| b31rd5q3n5DkxorUq3ALlX3AMQ4sgbYYV8SysQSloldpW4TgjXZl2ohMU/xmXhfH | ||
| WPbUk/T3eNVAohzC5YMbSWp5Kgd7T4Q8meyYYYC97akjAbPIY3pkPdxTxFi0lO69 | ||
| dOQSg6cj | ||
| -----END CERTIFICATE REQUEST----- |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I get confused here. PFS in TLS has to do with the initial key-exchange, not the encryption itself. Using ECDH for key exchange is not considered as perfectly forward secure, because the parameters do not change (this is only the case with ECDHE). Also, DHE is considered to offer PFS, but ECDH is not really better than DH. Once your (EC)DH parameters are exposed, encryption keys can be computed from previously collected traffic affecting all past and future connections.
Furthermore, RSA is not in competition for key-exchange, it is used to deliver the certificate(s). It's counterpart is not ECDH but ECDSA. Comparing ECDH and RSA is complete rubbish. You compare a key-exchange method with a cipher. ECDH is not a cipher!
Also, this wording gives the idea that PFS cannot be achieved with RSA, but again DHE_RSA is perfectly forward secure!
Please fix this paragraph.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@FlowLo thank you! You've very interesting insights on this topic, may I ask you to open a pull request for this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think that it was supported in node v0.10.x. Please try with 0.11.x, it was introduced in bb909.
Seems to be working fine for me. I've checked some articles on this topic and totally agree with your thoughts in the first comment. Only ephemeral Diffie-Hellman provides PFS. And EC* just makes it harder to crack. Please submit a PR to fix this!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are totally right, it runs with 0.11.10, sorry for bothering you! Will write up a PR now, cheers :)