[v11.x backport] tls: add min/max protocol version options #24676
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@sam-github sadly an error occured when I tried to trigger a build :( |
nodejs-github-bot
added
lib / src
sam-github
changed the title
sam-github
force-pushed
the
backport-24405-to-v11.x
branch
from
da30b3f
to
1e29a78
Compare
4 tasks
sam-github
force-pushed
the
backport-24405-to-v11.x
branch
from
1e29a78
to
deea5a0
Compare
|
@nodejs/crypto @nodejs/lts Turns out backporting this is not a trivial git cherry-pick, cleanup, and ci, it will take a couple hours of work. I'll take a shot at it next week. It depends on non-semver-major parts of 60eca6a:
Can I squash the addition of "TLS_method" into this commit? Is it still a "backport" if I do that? |
Does it matter? I think do whatever is easiest, I can see how this is going to be complicated. Thanks for taking it on though! |
The existing secureProtocol option only allows setting the allowed protocol to a specific version, or setting it to "all supported versions". It also used obscure strings based on OpenSSL C API functions. Directly setting the min or max is easier to use and explain. Backport-PR-URL: nodejs#24676 PR-URL: nodejs#24405 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
sam-github
force-pushed
the
backport-24405-to-v11.x
branch
from
deea5a0
to
eabf3e4
Compare
sam-github
added
the
semver-minor
|
Resumed build: https://ci.nodejs.org/job/node-test-pull-request/19226/ ✔️ |
|
@rvagg PTAL |
|
I guess it would actually be possible to also add the cli flags just that they would work the other way around in this case: they would set the minimum to a higher level instead of lowering that. But since that's also possible with the option, I guess it's fine this way and we could also go ahead and backport that later on if we feel like it. |
BridgeAR
pushed a commit
that referenced
this pull request
Dec 5, 2018
The existing secureProtocol option only allows setting the allowed protocol to a specific version, or setting it to "all supported versions". It also used obscure strings based on OpenSSL C API functions. Directly setting the min or max is easier to use and explain. Backport-PR-URL: #24676 PR-URL: #24405 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
|
Landed in 1fba610 🎉 |
BridgeAR
pushed a commit
that referenced
this pull request
Dec 7, 2018
The existing secureProtocol option only allows setting the allowed protocol to a specific version, or setting it to "all supported versions". It also used obscure strings based on OpenSSL C API functions. Directly setting the min or max is easier to use and explain. Backport-PR-URL: #24676 PR-URL: #24405 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
BridgeAR
pushed a commit
that referenced
this pull request
Dec 7, 2018
The existing secureProtocol option only allows setting the allowed protocol to a specific version, or setting it to "all supported versions". It also used obscure strings based on OpenSSL C API functions. Directly setting the min or max is easier to use and explain. Backport-PR-URL: #24676 PR-URL: #24405 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
4 tasks
sam-github
added a commit
to sam-github/node
that referenced
this pull request
Feb 22, 2019
The existing secureProtocol option only allows setting the allowed protocol to a specific version, or setting it to "all supported versions". It also used obscure strings based on OpenSSL C API functions. Directly setting the min or max is easier to use and explain. Backport-PR-URL: nodejs#24676 PR-URL: nodejs#24405 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
4 tasks
sam-github
added a commit
to sam-github/node
that referenced
this pull request
Feb 28, 2019
The existing secureProtocol option only allows setting the allowed protocol to a specific version, or setting it to "all supported versions". It also used obscure strings based on OpenSSL C API functions. Directly setting the min or max is easier to use and explain. Backport-PR-URL: nodejs#24676 PR-URL: nodejs#24405 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The existing secureProtocol option only allows setting the allowed
protocol to a specific version, or setting it to "all supported
versions". It also used obscure strings based on OpenSSL C API
functions. Directly setting the min or max is easier to use and explain.
PR-URL: #24405
Reviewed-By: Refael Ackermann refack@gmail.com
Reviewed-By: Rod Vagg rod@vagg.org
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes