tls: fix DEP0083 after upgrading to OpenSSL 1.1.0
Setting ecdhCurve to false is already unsupported, so the deprecation
should already be EOL. The test was skipped ever since we upgraded to
OpenSSL 1.1.0.

PR-URL: #22953
Refs: #16130
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
tniessen authored and targos committed Sep 24, 2018
1 parent e5efdba commit 4b976df
Showing 4 changed files with 11 additions and 82 deletions.
9 changes: 6 additions & 3 deletions doc/api/deprecations.md
Expand Up @@ -1628,17 +1628,20 @@ the `REPLServer` itself. Do not use this function.
### DEP0083: Disabling ECDH by setting ecdhCurve to false
<!-- YAML
changes:
- version: v10.0.0
pr-url: https://github.com/nodejs/node/pull/19794
description: End-of-Life.
- version: v9.2.0
pr-url: https://github.com/nodejs/node/pull/16130
description: Runtime deprecation.
-->
Type: Runtime
Type: End-of-Life.
The `ecdhCurve` option to `tls.createSecureContext()` and `tls.TLSSocket` could
be set to `false` to disable ECDH entirely on the server only. This mode is
be set to `false` to disable ECDH entirely on the server only. This mode was
deprecated in preparation for migrating to OpenSSL 1.1.0 and consistency with
the client. Use the `ciphers` parameter instead.
the client and is now unsupported. Use the `ciphers` parameter instead.
<a id="DEP0084"></a>
### DEP0084: requiring bundled internal dependencies
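Review bot: The rewritten DEP0083 paragraph says the `false` mode "is now unsupported" but does not say what a caller sees when `ecdhCurve: false` is still passed (an error, or the value being ignored). For an option whose purpose was to turn off a key-exchange family, state the runtime behaviour explicitly next to "Use the `ciphers` parameter instead." Minor: "Type: End-of-Life." carries a trailing period where the line it replaces, "Type: Runtime", had none.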
6 changes: 5 additions & 1 deletion doc/api/tls.md
Expand Up @@ -1007,6 +1007,10 @@ argument.
<!-- YAML
added: v0.11.13
changes:
- version: v10.0.0
pr-url: https://github.com/nodejs/node/pull/19794
description: The `ecdhCurve` cannot be set to `false` anymore due to a
change in OpenSSL.
- version: v9.3.0
pr-url: https://github.com/nodejs/node/pull/14903
description: The `options` parameter can now include `clientCertEngine`.
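Review bot: The new v10.0.0 changes entry cites pull/19794 while this commit's trailer is PR-URL #22953; if 19794 is the change that actually removed support this is fine, but it is worth confirming the link is intentional. Wording nit in the same entry: "The `ecdhCurve` cannot be set to `false`" reads better as "The `ecdhCurve` option cannot be set to `false`".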
Expand Down Expand Up @@ -1060,7 +1064,7 @@ changes:
discarded and DHE ciphers will not be available.
* `ecdhCurve` {string} A string describing a named curve or a colon separated
list of curve NIDs or names, for example `P-521:P-384:P-256`, to use for
ECDH key agreement, or `false` to disable ECDH. Set to `auto` to select the
ECDH key agreement. Set to `auto` to select the
curve automatically. Use [`crypto.getCurves()`][] to obtain a list of
available curve names. On recent releases, `openssl ecparam -list_curves`
will also display the name and description of each available elliptic curve.
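Review bot: With "or `false` to disable ECDH" dropped from the `ecdhCurve` description, this entry no longer tells readers how to disable ECDH at all. A short pointer to the `ciphers` option, as the DEP0083 text gives, would keep that guidance where people configuring a secure context will look for it.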
12 changes: 0 additions & 12 deletions lib/_tls_common.js
Expand Up @@ -69,16 +69,6 @@ function validateKeyCert(name, value) {
exports.SecureContext = SecureContext;


function ecdhCurveWarning() {
if (ecdhCurveWarning.emitted) return;
process.emitWarning('{ ecdhCurve: false } is deprecated.',
'DeprecationWarning',
'DEP0083');
ecdhCurveWarning.emitted = true;
}
ecdhCurveWarning.emitted = false;


exports.createSecureContext = function createSecureContext(options, context) {
if (!options) options = {};

Expand Down Expand Up @@ -154,8 +144,6 @@ exports.createSecureContext = function createSecureContext(options, context) {
c.context.setECDHCurve(tls.DEFAULT_ECDH_CURVE);
else if (options.ecdhCurve)
c.context.setECDHCurve(options.ecdhCurve);
else
ecdhCurveWarning();

if (options.dhparam) {
const warning = c.context.setDHParam(options.dhparam);
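Review bot: Once the trailing `else ecdhCurveWarning();` is removed, a falsy `options.ecdhCurve` that does not match the branch above `else if (options.ecdhCurve)` reaches neither `setECDHCurve()` call and produces no diagnostic. Code that still passes `{ ecdhCurve: false }` expecting ECDH to be off would get no signal that the setting had no effect. Consider rejecting `false` explicitly with a thrown error at this point, and add a test that pins the chosen behaviour now that test/parallel/test-tls-ecdh-disable.js is deleted.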
66 changes: 0 additions & 66 deletions test/parallel/test-tls-ecdh-disable.js

This file was deleted.
