Description
What is the problem this feature will solve?
Currently https://nodejs.org/api/tls.html offers two ways to show cipher suites.
node -p crypto.constants.defaultCoreCipherList | tr ':' '\n'
shows the set of default enabled (and disabled) cipher suites in Node.js.
tls.getCiphers()
shows the set of supported cipher suites in Node.js.
Enabled and supported cipher suites are not the same (see #42059 (comment) and #42063). Even if a cipher suite is enabled, it might not be supported. And the other way around, even if a cipher suite is supported, it might not be enabled.
Many organisations need to know the exact cipher suites used. We need an intersection of the enabled AND supported cipher suites.
What is the feature you are proposing to solve the problem?
I propose that tls.getCiphers() gets extended with an optional parameter that takes a string/enum such as SUPPORTED (default), ENABLED_AND_SUPPORTED, ENABLED etc.
What alternatives have you considered?
I have found none. There is currently no way to expand the default configured list of cipher suites into a list of all the cipher suites, like the command openssl ciphers does. openssl ciphers converts textual OpenSSL cipher lists into ordered SSL cipher preference lists.
I could run openssl ciphers CIPHERLIST locally on my machine, but the problem with that is that it would use my local openssl CLI's version of the openssl library, and not the built-in openssl library version used in Node.js.
In addition, some of the enabled cipher suites from that list are not even supported as seen from tls.getCiphers() (see #42059 (comment)).