This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

tls: fix default ciphers not used consistently #23947

Commits on May 11, 2015

  1. tls: fix default ciphers not used consistently

    Passing null or undefined for the ciphers value of the options
    parameter of tls.connect and https.get/request makes node *not* use the
    default ciphers list.
    
    This problem had been fixed in node v0.12 with commit
    5d2aef1, but for some reason the fix
    hasn't been backported to v0.10.
    
    This change also comes with a test that makes sure that tls/https
    clients that don't specify a ciphers suite (or a null or undefined one)
    cannot connect to a server that specifies only RC4-MD5 as the available
    ciphers suite. This test relies on the fact that RC4-MD5 is not
    available in the default ciphers suite, which is the case currently in
    the v0.10 branch.
    Julien Gilli committed May 11, 2015
    8f30e88
  2. test: backport fix ssl/tls options matrix test

    Backport 408bffe from v0.12.
    
    Now that the default ciphers list is used client side even when
    options.ciphers is not set or set to undefined/null, and that the
    default ciphers list does not contain RC4 anymore, update the ssl/tls
    options matrix tests suite to check that a connection that uses RC4
    needs both sides of the connection specifying RC4 in their allowed
    ciphers.
    
    Original commit message:
    
      test: fix ssl/tls options matrix test
    
      The tests suite available in test/external/ssl-options was originally
      written for security fixes made in the v0.10 branch. In this branch, the
      client's default ciphers list is compatible with SSLv2.
    
      After merging this change from v0.10 to v0.12, this tests suite was
      broken because commits 5d2aef1 and
      f4c8020 make SSL/TLS clients use a
      default ciphers list that is not compatible with the SSLv2 protocol.
    
      This change fixes two issues:
      1) The cipher list that was set up for a given test was not passed
      properly to the client.
      2) When either or both of clients/servers were using SSLv2, tests were
      expected to succeed when at least the server end was using SSLv2
      compatible ciphers. Now, tests are expected to succeed only if
      SSLv2 compatible ciphers are used on both ends.
    
      Fixes nodejs#9020.
    Julien Gilli committed May 11, 2015
    6de65e2