Skip to content

Commit

Permalink
tls: expose IETF name for current cipher suite
Browse files Browse the repository at this point in the history
OpenSSL has its own legacy names, but knowing the IETF name is useful
when trouble-shooting, or looking for more information on the cipher.

PR-URL: #30637
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  • Loading branch information
sam-github authored and addaleax committed Dec 3, 2019
1 parent c0905b7 commit a025c5a
Show file tree
Hide file tree
Showing 6 changed files with 25 additions and 2 deletions.
15 changes: 13 additions & 2 deletions doc/api/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -827,16 +827,27 @@ changes:
pr-url: https://github.com/nodejs/node/pull/26625
description: Return the minimum cipher version, instead of a fixed string
(`'TLSv1/SSLv3'`).
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/30637
description: Return the IETF cipher name as `standardName`.
-->

* Returns: {Object}
* `name` {string} The name of the cipher suite.
* `name` {string} OpenSSL name for the cipher suite.
* `standardName` {string} IETF name for the cipher suite.
* `version` {string} The minimum TLS protocol version supported by this cipher
suite.

Returns an object containing information on the negotiated cipher suite.

For example: `{ name: 'AES256-SHA', version: 'TLSv1.2' }`.
For example:
```json
{
"name": "AES128-SHA256",
"standardName": "TLS_RSA_WITH_AES_128_CBC_SHA256",
"version": "TLSv1.2"
}
```

See
[SSL_CIPHER_get_name](https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_name.html)
Expand Down
1 change: 1 addition & 0 deletions src/env.h
Original file line number Diff line number Diff line change
Expand Up @@ -351,6 +351,7 @@ constexpr size_t kFsStatsBufferLength =
V(sni_context_string, "sni_context") \
V(source_string, "source") \
V(stack_string, "stack") \
V(standard_name_string, "standardName") \
V(start_time_string, "startTime") \
V(status_string, "status") \
V(stdio_string, "stdio") \
Expand Down
3 changes: 3 additions & 0 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -2685,6 +2685,9 @@ void SSLWrap<Base>::GetCipher(const FunctionCallbackInfo<Value>& args) {
const char* cipher_name = SSL_CIPHER_get_name(c);
info->Set(context, env->name_string(),
OneByteString(args.GetIsolate(), cipher_name)).Check();
const char* cipher_standard_name = SSL_CIPHER_standard_name(c);
info->Set(context, env->standard_name_string(),
OneByteString(args.GetIsolate(), cipher_standard_name)).Check();
const char* cipher_version = SSL_CIPHER_get_version(c);
info->Set(context, env->version_string(),
OneByteString(args.GetIsolate(), cipher_version)).Check();
Expand Down
4 changes: 4 additions & 0 deletions test/parallel/test-tls-getcipher.js
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
}, common.mustCall(function() {
const cipher = this.getCipher();
assert.strictEqual(cipher.name, 'AES128-SHA256');
assert.strictEqual(cipher.standardName, 'TLS_RSA_WITH_AES_128_CBC_SHA256');
assert.strictEqual(cipher.version, 'TLSv1.2');
this.end();
}));
Expand All @@ -65,6 +66,8 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
}, common.mustCall(function() {
const cipher = this.getCipher();
assert.strictEqual(cipher.name, 'ECDHE-RSA-AES128-GCM-SHA256');
assert.strictEqual(cipher.standardName,
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256');
assert.strictEqual(cipher.version, 'TLSv1.2');
this.end();
}));
Expand All @@ -86,6 +89,7 @@ tls.createServer({
}, common.mustCall(() => {
const cipher = client.getCipher();
assert.strictEqual(cipher.name, 'TLS_AES_128_CCM_8_SHA256');
assert.strictEqual(cipher.standardName, cipher.name);
assert.strictEqual(cipher.version, 'TLSv1.3');
client.end();
}));
Expand Down
2 changes: 2 additions & 0 deletions test/parallel/test-tls-multi-key.js
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,7 @@ function test(options) {
}, common.mustCall(function() {
assert.deepStrictEqual(ecdsa.getCipher(), {
name: 'ECDHE-ECDSA-AES256-GCM-SHA384',
standardName: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
version: 'TLSv1.2'
});
assert.strictEqual(ecdsa.getPeerCertificate().subject.CN, eccCN);
Expand All @@ -175,6 +176,7 @@ function test(options) {
}, common.mustCall(function() {
assert.deepStrictEqual(rsa.getCipher(), {
name: 'ECDHE-RSA-AES256-GCM-SHA384',
standardName: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
version: 'TLSv1.2'
});
assert.strictEqual(rsa.getPeerCertificate().subject.CN, rsaCN);
Expand Down
2 changes: 2 additions & 0 deletions test/parallel/test-tls-multi-pfx.js
Original file line number Diff line number Diff line change
Expand Up @@ -42,9 +42,11 @@ const server = tls.createServer(options, function(conn) {
process.on('exit', function() {
assert.deepStrictEqual(ciphers, [{
name: 'ECDHE-ECDSA-AES256-GCM-SHA384',
standardName: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
version: 'TLSv1.2'
}, {
name: 'ECDHE-RSA-AES256-GCM-SHA384',
standardName: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
version: 'TLSv1.2'
}]);
});

0 comments on commit a025c5a

Please sign in to comment.