crypto: add honorCipherOrder argument

Add `honorCipherOrder` argument to `crypto.createCredentials`.

fix #7249
Fedor Indutny 2014-06-25 14:47:59 +04:00
parent e50749bb05
commit c147e81091
GPG Key ID: FB0E1095B1797999
3 changed files with 16 additions and 7 deletions


@ -436,6 +436,9 @@ dictionary with keys:
Consult Consult
<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT> <http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT>
for details on the format. for details on the format.
* `honorCipherOrder` : When choosing a cipher, use the server's preferences
instead of the client preferences. For further details see `tls` module
documentation.
If no 'ca' details are given, then node.js will use the default If no 'ca' details are given, then node.js will use the default
publicly trusted list of CAs as given in publicly trusted list of CAs as given in
@ -608,7 +611,8 @@ more information.
Add secure context that will be used if client request's SNI hostname is Add secure context that will be used if client request's SNI hostname is
matching passed `hostname` (wildcards can be used). `context` can contain matching passed `hostname` (wildcards can be used). `context` can contain
`key`, `cert` and `ca`. `key`, `cert`, `ca` and/or any other properties from `tls.createSecureContext`
`options` argument.
### server.maxConnections ### server.maxConnections


@ -20,6 +20,7 @@
// USE OR OTHER DEALINGS IN THE SOFTWARE. // USE OR OTHER DEALINGS IN THE SOFTWARE.
var util = require('util'); var util = require('util');
var constants = require('constants');
var tls = require('tls'); var tls = require('tls');
// Lazily loaded // Lazily loaded
@ -54,9 +55,11 @@ exports.SecureContext = SecureContext;
exports.createSecureContext = function createSecureContext(options, context) { exports.createSecureContext = function createSecureContext(options, context) {
if (!options) options = {}; if (!options) options = {};
var c = new SecureContext(options.secureProtocol, var secureOptions = options.secureOptions;
options.secureOptions, if (options.honorCipherOrder)
context); secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
var c = new SecureContext(options.secureProtocol, secureOptions, context);
if (context) return c; if (context) return c;
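Review bot: None of the three changed files is a test, so the new `if (options.honorCipherOrder)` branch in `createSecureContext` is unexercised; a regression that drops `constants.SSL_OP_CIPHER_SERVER_PREFERENCE` here would leave cipher selection to the client without any visible failure. A test that creates a context with `honorCipherOrder: true`, connects a client whose cipher list is in the opposite order, and asserts that the negotiated cipher is the server's first choice would pin the behaviour. The option is read by truthiness and is off by default, which deserves a comment above the branch, for example `// Opt-in: without honorCipherOrder the client's cipher order decides`. The body of `createSecureContext` continues past the end of this hunk.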


@ -602,6 +602,7 @@ function Server(/* [options], listener */) {
ecdhCurve: self.ecdhCurve, ecdhCurve: self.ecdhCurve,
secureProtocol: self.secureProtocol, secureProtocol: self.secureProtocol,
secureOptions: self.secureOptions, secureOptions: self.secureOptions,
honorCipherOrder: self.honorCipherOrder,
crl: self.crl, crl: self.crl,
sessionIdContext: self.sessionIdContext sessionIdContext: self.sessionIdContext
}); });
@ -720,9 +721,10 @@ Server.prototype.setOptions = function(options) {
if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout; if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout;
if (options.ticketKeys) this.ticketKeys = options.ticketKeys; if (options.ticketKeys) this.ticketKeys = options.ticketKeys;
var secureOptions = options.secureOptions || 0; var secureOptions = options.secureOptions || 0;
if (options.honorCipherOrder) { if (options.honorCipherOrder)
secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE; this.honorCipherOrder = true;
} else
this.honorCipherOrder = false;
if (secureOptions) this.secureOptions = secureOptions; if (secureOptions) this.secureOptions = secureOptions;
if (options.NPNProtocols) tls.convertNPNProtocols(options.NPNProtocols, this); if (options.NPNProtocols) tls.convertNPNProtocols(options.NPNProtocols, this);
if (options.sessionIdContext) { if (options.sessionIdContext) {
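Review bot: In `Server.prototype.setOptions` the new code assigns `this.honorCipherOrder` on every call, unlike the neighbouring `sessionTimeout` and `ticketKeys`, which are only written when supplied; a later `setOptions` call that omits the option therefore resets it to `false`. As far as the rendered old and new lines show, `this.secureOptions` also no longer carries the `SSL_OP_CIPHER_SERVER_PREFERENCE` bit, so any code that inspected `server.secureOptions` to confirm server-side cipher ordering would now see it unset; that should be stated in a comment or the docs. The brace-less `if`/`else` can be written as `this.honorCipherOrder = !!options.honorCipherOrder;`. If nothing else in this file uses `constants`, its `require` is now dead; that part of the file is outside the hunk, as is the rest of `setOptions`.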