-
Notifications
You must be signed in to change notification settings - Fork 845
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow selection of TLS ciphers and options (+ show debugging info in console) #5918
Comments
ciphers are configurable by CLI or programmatically:
What specific configurability are you looking for?
Is nodejs/node@5b55c60 what you are looking for? If so, I'll try to get something like it into node. Not sure if direct printf is OK, or whether a programmatic API that just callbacks the SSL_trace output to JS, and lets the user do with them what they will is the way to go. Do you have opinions? |
Enable the same trace output that the OpenSSL s_client and s_server support with their `-trace` option. This is invaluable when debugging reports of TLS bugs as well as when debugging the internal TLS implementation. See: - nodejs#25383 - nodejs#17936 - postmanlabs/postman-app-support#5918 (comment)
Enable the same trace output that the OpenSSL s_client and s_server support with their `-trace` option. This is invaluable when debugging reports of TLS bugs as well as when debugging the internal TLS implementation. See: - #25383 - #17936 - postmanlabs/postman-app-support#5918 (comment) PR-URL: #27376 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Enable the same trace output that the OpenSSL s_client and s_server support with their `-trace` option. This is invaluable when debugging reports of TLS bugs as well as when debugging the internal TLS implementation. See: - #25383 - #17936 - postmanlabs/postman-app-support#5918 (comment) PR-URL: #27376 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
The commit to nodejs/node might have caused issues with Newman postmanlabs/newman#1991 |
Is this feature live? |
@garyng not yet. We ran into some hiccups with NodeJS and also some UI aspects around incorporating these settings. |
I still don't understand how this is an issue: This is the default cipher list used by NodeJS (https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite) When support all of these... but when we turn off SSLv3 support, POSTMAN can't establish a handshake. Are you SURE that Postman is using the default NodeJS ciphers for TLS? TLS_AES_256_GCM_SHA384: |
We've added support for Request Level Configurations in the latest version of the Postman App which allows to:
Also, all the low-level TLS information is accessible in the Postman Console (Postman v7.10). |
Hi @codenirvana |
@nils-work are you requesting an HTTPS API? can you share the screenshot of your Postman Console (hide sensitive details)? |
Hi @codenirvana I also don't have the globe icon shown on this page, but understand that may be an older version? - I'm interested in seeing and ideally being able to test the cipher being used with a request if possible. Thanks |
@nils-work I see you are behind a proxy and that's why Postman doesn't have all the information about the final request sent. |
Thanks @codenirvana |
@nils-work Network details are not available in the test script at the moment. |
Currently, Postman App does not show helpful debugging information regarding SSL /TLS protocol configuration / state during request and response. As such, it is difficult to distinguish between Postman issues vs handshake issues. Additionally, the TLS configurations and ciphers are not tweakable and as such, results in some specific requests to fail or negotiate an unexpected TLS version.
protocolProfileBehaviour
to control TLSThe text was updated successfully, but these errors were encountered: