tls: fix DEP0083 after upgrading to OpenSSL 1.1.0

Setting ecdhCurve to false is already unsupported, so the deprecation should already be EOL. The test was skipped ever since we upgraded to OpenSSL 1.1.0. PR-URL: #22953 Refs: #16130 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
nodejs · Sep 24, 2018 · 4b976df · 4b976df
1 parent e5efdba
commit 4b976df
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 82 deletions.
diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md
@@ -1628,17 +1628,20 @@ the `REPLServer` itself. Do not use this function.
 ### DEP0083: Disabling ECDH by setting ecdhCurve to false
 <!-- YAML
 changes:
+  - version: v10.0.0
+    pr-url: https://github.com/nodejs/node/pull/19794
+    description: End-of-Life.
   - version: v9.2.0
     pr-url: https://github.com/nodejs/node/pull/16130
     description: Runtime deprecation.
 -->
 
-Type: Runtime
+Type: End-of-Life.
 
 The `ecdhCurve` option to `tls.createSecureContext()` and `tls.TLSSocket` could
-be set to `false` to disable ECDH entirely on the server only. This mode is
+be set to `false` to disable ECDH entirely on the server only. This mode was
 deprecated in preparation for migrating to OpenSSL 1.1.0 and consistency with
-the client. Use the `ciphers` parameter instead.
+the client and is now unsupported. Use the `ciphers` parameter instead.
 
 <a id="DEP0084"></a>
 ### DEP0084: requiring bundled internal dependencies

diff --git a/doc/api/tls.md b/doc/api/tls.md
@@ -1007,6 +1007,10 @@ argument.
 <!-- YAML
 added: v0.11.13
 changes:
+  - version: v10.0.0
+    pr-url: https://github.com/nodejs/node/pull/19794
+    description: The `ecdhCurve` cannot be set to `false` anymore due to a
+                 change in OpenSSL.
   - version: v9.3.0
     pr-url: https://github.com/nodejs/node/pull/14903
     description: The `options` parameter can now include `clientCertEngine`.
@@ -1060,7 +1064,7 @@ changes:
     discarded and DHE ciphers will not be available.
   * `ecdhCurve` {string} A string describing a named curve or a colon separated
     list of curve NIDs or names, for example `P-521:P-384:P-256`, to use for
-    ECDH key agreement, or `false` to disable ECDH. Set to `auto` to select the
+    ECDH key agreement. Set to `auto` to select the
     curve automatically. Use [`crypto.getCurves()`][] to obtain a list of
     available curve names. On recent releases, `openssl ecparam -list_curves`
     will also display the name and description of each available elliptic curve.

diff --git a/lib/_tls_common.js b/lib/_tls_common.js
@@ -69,16 +69,6 @@ function validateKeyCert(name, value) {
 exports.SecureContext = SecureContext;
 
 
-function ecdhCurveWarning() {
-  if (ecdhCurveWarning.emitted) return;
-  process.emitWarning('{ ecdhCurve: false } is deprecated.',
-                      'DeprecationWarning',
-                      'DEP0083');
-  ecdhCurveWarning.emitted = true;
-}
-ecdhCurveWarning.emitted = false;
-
-
 exports.createSecureContext = function createSecureContext(options, context) {
   if (!options) options = {};
 
@@ -154,8 +144,6 @@ exports.createSecureContext = function createSecureContext(options, context) {
     c.context.setECDHCurve(tls.DEFAULT_ECDH_CURVE);
   else if (options.ecdhCurve)
     c.context.setECDHCurve(options.ecdhCurve);
-  else
-    ecdhCurveWarning();
 
   if (options.dhparam) {
     const warning = c.context.setDHParam(options.dhparam);

diff --git a/test/parallel/test-tls-ecdh-disable.js b/test/parallel/test-tls-ecdh-disable.js