Skip to content

Commit

Permalink
crypto: add OP flag constants added in OpenSSL v1.1.1
Browse files Browse the repository at this point in the history
PR-URL: #33929
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
  • Loading branch information
mkrawczuk authored and mildsunrise committed Aug 7, 2020
1 parent 46bef7b commit 3306070
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 0 deletions.
25 changes: 25 additions & 0 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -3192,6 +3192,11 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html">https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html</a>
for detail.</td>
</tr>
<tr>
<td><code>SSL_OP_ALLOW_NO_DHE_KEX</code></td>
<td>Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode
for TLS v1.3</td>
</tr>
<tr>
<td><code>SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION</code></td>
<td>Allows legacy insecure renegotiation between OpenSSL and unpatched
Expand Down Expand Up @@ -3264,10 +3269,18 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<td><code>SSL_OP_NO_COMPRESSION</code></td>
<td>Instructs OpenSSL to disable support for SSL/TLS compression.</td>
</tr>
<tr>
<td><code>SSL_OP_NO_ENCRYPT_THEN_MAC</code></td>
<td>Instructs OpenSSL to disable encrypt-then-MAC.</td>
</tr>
<tr>
<td><code>SSL_OP_NO_QUERY_MTU</code></td>
<td></td>
</tr>
<tr>
<td><code>SSL_OP_NO_RENEGOTIATION</code></td>
<td>Instructs OpenSSL to disable renegotiation.</td>
</tr>
<tr>
<td><code>SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION</code></td>
<td>Instructs OpenSSL to always start a new session when performing
Expand Down Expand Up @@ -3296,6 +3309,10 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<tr>
<td><code>SSL_OP_NO_TLSv1_2</code></td>
<td>Instructs OpenSSL to turn off TLS v1.2</td>
</tr>
<tr>
<td><code>SSL_OP_NO_TLSv1_3</code></td>
<td>Instructs OpenSSL to turn off TLS v1.3</td>
</tr>
<td><code>SSL_OP_PKCS1_CHECK_1</code></td>
<td></td>
Expand All @@ -3304,6 +3321,14 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<td><code>SSL_OP_PKCS1_CHECK_2</code></td>
<td></td>
</tr>
<tr>
<td><code>SSL_OP_PRIORITIZE_CHACHA</code></td>
<td>Instructs OpenSSL server to prioritize ChaCha20Poly1305
when client does.
This option has no effect if
<code>SSL_OP_CIPHER_SERVER_PREFERENCE</code>
is not enabled.</td>
</tr>
<tr>
<td><code>SSL_OP_SINGLE_DH_USE</code></td>
<td>Instructs OpenSSL to always create a new key when using
Expand Down
20 changes: 20 additions & 0 deletions src/node_constants.cc
Original file line number Diff line number Diff line change
Expand Up @@ -806,6 +806,10 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_ALL);
#endif

#ifdef SSL_OP_ALLOW_NO_DHE_KEX
NODE_DEFINE_CONSTANT(target, SSL_OP_ALLOW_NO_DHE_KEX);
#endif

#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
NODE_DEFINE_CONSTANT(target, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
#endif
Expand Down Expand Up @@ -870,10 +874,18 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_COMPRESSION);
#endif

#ifdef SSL_OP_NO_ENCRYPT_THEN_MAC
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_ENCRYPT_THEN_MAC);
#endif

#ifdef SSL_OP_NO_QUERY_MTU
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_QUERY_MTU);
#endif

#ifdef SSL_OP_NO_RENEGOTIATION
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_RENEGOTIATION);
#endif

#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
Expand Down Expand Up @@ -902,6 +914,10 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_2);
#endif

#ifdef SSL_OP_NO_TLSv1_3
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_3);
#endif

#ifdef SSL_OP_PKCS1_CHECK_1
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
#endif
Expand All @@ -910,6 +926,10 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
#endif

#ifdef SSL_OP_PRIORITIZE_CHACHA
NODE_DEFINE_CONSTANT(target, SSL_OP_PRIORITIZE_CHACHA);
#endif

#ifdef SSL_OP_SINGLE_DH_USE
NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
#endif
Expand Down

0 comments on commit 3306070

Please sign in to comment.