mirrors/nodejs
mirrors/nodejs
0
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-29 23:16:30 +01:00
Code Issues Releases Activity
13,679 Commits 49 Branches 857 Tags 1.8 GiB
40a5761969
Commit Graph

158 Commits

Author SHA1 Message Date
Ben Noordhuis
cfd0dca9ae crypto: make getCiphers() return non-SSL ciphers 
Commit f53441a added crypto.getCiphers() as a function that returns the
names of SSL ciphers.

Commit 14a6c4e then added crypto.getHashes(), which returns the names of
digest algorithms, but that creates a subtle inconsistency: the return
values of crypto.getHashes() are valid arguments to crypto.createHash()
but that is not true for crypto.getCiphers() - the returned values are
only valid for SSL/TLS functions.

Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
return proper cipher names.
 2013-03-25 18:42:07 +01:00
Andy Burke
595b5974d7 Add bytesWritten to tls.CryptoStream 
This adds a proxy for bytesWritten to the tls.CryptoStream.  This
change makes the connection object more similar between HTTP and
HTTPS requests in an effort to avoid confusion.

See issue #4650 for more background information.
 2013-01-24 16:48:49 -08:00
Fedor Indutny
82f1d340c1 tls: make slab buffer's size configurable 
see #4636
 2013-01-24 08:47:07 -08:00
Ben Noordhuis
5b65638124 tls, https: add tls handshake timeout 
Don't allow connections to stall indefinitely if the SSL/TLS handshake does
not complete.

Adds a new tls.Server and https.Server configuration option, handshakeTimeout.

Fixes #4355.
 2012-12-06 17:39:24 +01:00
Nathan Rajlich
4b238b4c2a Merge remote-tracking branch 'origin/v0.8' 
Conflicts:
	AUTHORS
	ChangeLog
	deps/uv/test/runner-win.c
	doc/api/process.markdown
	lib/repl.js
	src/node_crypto.cc
	src/node_version.h
 2012-10-13 16:16:56 -07:00
Ben Noordhuis
0ad005852c https: fix renegotation attack protection 
Listen for the 'clientError' event that is emitted when a renegotation attack
is detected and close the connection.

Fixes test/pummel/test-https-ci-reneg-attack.js
 2012-10-09 16:38:00 +02:00
Andreas Madsen
be5a8e24c2 doc: consistent use of the callback argument 2012-10-08 22:58:11 +02:00
Ben Noordhuis
35607f3a2d tls, https: validate server certificate by default 
This commit changes the default value of the rejectUnauthorized option from
false to true.

What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.

There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.

Fixes #3949.
 2012-09-15 00:19:06 +02:00
Fedor Indutny
8e0c830cd0 tls: async session storage 2012-09-05 02:01:54 +04:00
Ben Noordhuis
badbd1af27 tls: update default cipher list 
Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA
to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
in order to mitigate BEAST attacks.

The documentation suggested AES256-SHA but unfortunately that's a CBC cipher
and therefore susceptible to attacks.

Fixes #3900.
 2012-08-21 22:27:13 +02:00
Ben Kelly
c6185c8484 doc: Improve cross-linking in API docs markdown 
Cross-link EventEmitter references in API docs to events.html

Fix broken cross-reference links with wrong anchor names in API docs.
 2012-06-15 09:44:37 -07:00
isaacs
5164ae3838 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge 
Conflicts:
	ChangeLog
	deps/uv/include/uv-private/uv-unix.h
	deps/uv/src/unix/core.c
	deps/uv/src/unix/sunos.c
	deps/v8/src/runtime.cc
	doc/api/crypto.markdown
	lib/http.js
	src/node_version.h
	test/gc/test-http-client-timeout.js
	wscript
 2012-05-15 11:37:34 -07:00
ssuda
fb7348ae06 crypto: add PKCS12/PFX support 
Fixes #2845.
 2012-05-14 17:12:59 +02:00
Shigeki Ohtsu
0d13142332 tcp: make getsockname() return address family as string 2012-04-16 18:00:47 +02:00
Shigeki Ohtsu
75face6139 doc: fix TLS cipher names 2012-03-23 17:11:13 +01:00
Shigeki Ohtsu
2cf5f040a5 doc: add cleartextStream.getCipher() in tls 2012-03-23 17:09:50 +01:00
isaacs
1d5b6f26fe Merge remote-tracking branch 'ry/v0.6' into v0.6-merge 
Conflicts:
	ChangeLog
	Makefile
	deps/npm/AUTHORS
	deps/npm/html/api/bin.html
	deps/npm/html/api/bugs.html
	deps/npm/html/api/commands.html
	deps/npm/html/api/config.html
	deps/npm/html/api/deprecate.html
	deps/npm/html/api/docs.html
	deps/npm/html/api/edit.html
	deps/npm/html/api/explore.html
	deps/npm/html/api/help-search.html
	deps/npm/html/api/init.html
	deps/npm/html/api/install.html
	deps/npm/html/api/link.html
	deps/npm/html/api/load.html
	deps/npm/html/api/ls.html
	deps/npm/html/api/npm.html
	deps/npm/html/api/outdated.html
	deps/npm/html/api/owner.html
	deps/npm/html/api/pack.html
	deps/npm/html/api/prefix.html
	deps/npm/html/api/prune.html
	deps/npm/html/api/publish.html
	deps/npm/html/api/rebuild.html
	deps/npm/html/api/restart.html
	deps/npm/html/api/root.html
	deps/npm/html/api/run-script.html
	deps/npm/html/api/search.html
	deps/npm/html/api/shrinkwrap.html
	deps/npm/html/api/start.html
	deps/npm/html/api/stop.html
	deps/npm/html/api/submodule.html
	deps/npm/html/api/tag.html
	deps/npm/html/api/test.html
	deps/npm/html/api/uninstall.html
	deps/npm/html/api/unpublish.html
	deps/npm/html/api/update.html
	deps/npm/html/api/version.html
	deps/npm/html/api/view.html
	deps/npm/html/api/whoami.html
	deps/npm/html/doc/README.html
	deps/npm/html/doc/adduser.html
	deps/npm/html/doc/bin.html
	deps/npm/html/doc/bugs.html
	deps/npm/html/doc/build.html
	deps/npm/html/doc/bundle.html
	deps/npm/html/doc/cache.html
	deps/npm/html/doc/changelog.html
	deps/npm/html/doc/coding-style.html
	deps/npm/html/doc/completion.html
	deps/npm/html/doc/config.html
	deps/npm/html/doc/deprecate.html
	deps/npm/html/doc/developers.html
	deps/npm/html/doc/disputes.html
	deps/npm/html/doc/docs.html
	deps/npm/html/doc/edit.html
	deps/npm/html/doc/explore.html
	deps/npm/html/doc/faq.html
	deps/npm/html/doc/folders.html
	deps/npm/html/doc/help-search.html
	deps/npm/html/doc/help.html
	deps/npm/html/doc/index.html
	deps/npm/html/doc/init.html
	deps/npm/html/doc/install.html
	deps/npm/html/doc/json.html
	deps/npm/html/doc/link.html
	deps/npm/html/doc/list.html
	deps/npm/html/doc/npm.html
	deps/npm/html/doc/outdated.html
	deps/npm/html/doc/owner.html
	deps/npm/html/doc/pack.html
	deps/npm/html/doc/prefix.html
	deps/npm/html/doc/prune.html
	deps/npm/html/doc/publish.html
	deps/npm/html/doc/rebuild.html
	deps/npm/html/doc/registry.html
	deps/npm/html/doc/removing-npm.html
	deps/npm/html/doc/restart.html
	deps/npm/html/doc/root.html
	deps/npm/html/doc/run-script.html
	deps/npm/html/doc/scripts.html
	deps/npm/html/doc/search.html
	deps/npm/html/doc/semver.html
	deps/npm/html/doc/shrinkwrap.html
	deps/npm/html/doc/star.html
	deps/npm/html/doc/start.html
	deps/npm/html/doc/stop.html
	deps/npm/html/doc/submodule.html
	deps/npm/html/doc/tag.html
	deps/npm/html/doc/test.html
	deps/npm/html/doc/uninstall.html
	deps/npm/html/doc/unpublish.html
	deps/npm/html/doc/update.html
	deps/npm/html/doc/version.html
	deps/npm/html/doc/view.html
	deps/npm/html/doc/whoami.html
	deps/npm/lib/install.js
	deps/npm/lib/ls.js
	deps/npm/man/man1/npm.1
	deps/npm/man/man1/shrinkwrap.1
	deps/npm/man/man3/npm.3
	deps/npm/man/man3/shrinkwrap.3
	deps/npm/node_modules/request/main.js
	deps/npm/node_modules/request/package.json
	deps/npm/package.json
	deps/uv/src/unix/core.c
	deps/v8/src/conversions-inl.h
	deps/v8/src/elements.cc
	deps/v8/src/version.cc
	doc/about/index.html
	doc/api/assert.markdown
	doc/api/child_process.markdown
	doc/api/cluster.markdown
	doc/api/crypto.markdown
	doc/api/debugger.markdown
	doc/api/dgram.markdown
	doc/api/dns.markdown
	doc/api/documentation.markdown
	doc/api/events.markdown
	doc/api/fs.markdown
	doc/api/globals.markdown
	doc/api/http.markdown
	doc/api/https.markdown
	doc/api/modules.markdown
	doc/api/net.markdown
	doc/api/os.markdown
	doc/api/path.markdown
	doc/api/process.markdown
	doc/api/querystring.markdown
	doc/api/readline.markdown
	doc/api/stdio.markdown
	doc/api/stream.markdown
	doc/api/timers.markdown
	doc/api/tls.markdown
	doc/api/tty.markdown
	doc/api/url.markdown
	doc/api/util.markdown
	doc/api/vm.markdown
	doc/api/zlib.markdown
	doc/api_assets/style.css
	doc/community/index.html
	doc/index.html
	doc/logos/index.html
	doc/template.html
	src/node_version.h
	tools/doc/html.js
	tools/gyp/test/mac/app-bundle/empty.c
 2012-03-03 23:38:52 -08:00
isaacs
2d44dcc8be doc: Add stability indicators to documentation 2012-03-03 17:03:52 -08:00
isaacs
7bfa5cf284 s/streams/stream/ 2012-02-29 16:04:55 -08:00
isaacs
c0446edcc2 doc refactor: tls 2012-02-29 16:04:54 -08:00
Blake Miner
7343f8e776 tls: add honorCipherOrder option to tls.createServer() 
Documented how to mitigate BEAST attacks.
 2012-02-29 02:16:08 +01:00
isaacs
f9df88c6da s/streams/stream/ 2012-02-27 11:18:10 -08:00
isaacs
c9b35b9923 doc refactor: tls 2012-02-27 11:14:37 -08:00
koichik
2f5e084147 docs: remove duplicate option of tls.connect() 2012-02-25 23:07:30 +09:00
isaacs
31721da4b1 Merge remote-tracking branch 'ry/v0.6' into v0.6-merge 
Conflicts:
	AUTHORS
	ChangeLog
	Makefile
	doc/about/index.html
	doc/api/tls.markdown
	doc/community/index.html
	doc/index.html
	doc/logos/index.html
	doc/template.html
	lib/http.js
	lib/tls.js
	src/node_version.h
	src/platform_win32.cc
	test/simple/test-tls-connect-given-socket.js
 2012-02-18 09:46:58 -08:00
Ben Noordhuis
23c4278e06 docs: fix tls markdown 2012-02-17 23:58:42 +01:00
Ben Noordhuis
3415427dbf tls: mitigate session renegotiation attacks 
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
 2012-02-16 18:15:21 +01:00
koichik
ef50bd2e54 docs: removed unnecessary STARTTLS section 2012-02-17 02:10:59 +09:00
koichik
b19b8836c3 tls: Allow establishing secure connection on the existing socket 2012-02-14 11:53:05 -08:00
Ben Noordhuis
8a6576f764 Merge remote-tracking branch 'origin/v0.6' 
Conflicts:
	common.gypi
 2012-02-12 16:12:26 +01:00
Ben Noordhuis
38eec57aef docs: document tls/crypto ciphers option 
Hitherto undocumented option that lets the user select the list of ciphers to
use or exclude in a SSL/TLS session.
 2012-02-09 17:16:46 +01:00
Ryan Dahl
8b28d599a7 Merge remote branch 'origin/v0.6' 
Conflicts:
	Makefile
	configure
	src/node_version.h
 2012-01-09 11:20:22 -08:00
koichik
c1a63a9e90 tls: Allow establishing secure connection on the existing socket 
This is necessary to use SSL over HTTP tunnels.

Refs #2259, #2474.
Fixes #2489.
 2012-01-09 02:31:46 +01:00
Maciej Małecki
0321adbcf4 tls doc: update docs to reflect API change 
Refs #1983.
 2012-01-08 11:13:36 +01:00
koichik
57653added docs: small changes. 2012-01-07 06:44:35 +01:00
Ryan Dahl
f7f8af8420 Merge remote branch 'origin/v0.6' 
Conflicts:
	Makefile
	lib/_debugger.js
 2011-12-21 12:17:23 -08:00
koichik
07c27e040e tls: Fix node swallows openssl error on request 
Fixes #2308.
Fixes #2246.
 2011-12-21 19:48:15 +01:00
koichik
f8c335d0ca tls: enable rejectUnauthorized option to client 
Fiexes #2247.
 2011-12-07 22:47:06 +09:00
kyle@dontkry.com
34f34e4411 docs: fix typo 
Fixes #2193.
 2011-11-27 01:45:27 +09:00
koichik
f53d092a2a tls, https: add passphrase option 
Fixes #1925.
 2011-10-31 17:36:43 +09:00
koichik
cbcaeedba9 tls: add address(), remoteAddress/remotePort 
Fixes #758.
Fixes #1055.
 2011-10-27 00:28:16 +09:00
koichik
00aa8935d7 docs: improvement fs, http and https 2011-10-22 23:40:15 +09:00
koichik
cdec7e3ae5 docs: improvement tls example 2011-10-16 16:50:16 +09:00
koichik
86a67f15a0 docs: add example of tls 2011-10-16 01:26:38 +09:00
koichik
68cc173c6d tls: The TLS API is inconsistent with the TCP API 
Add 'secureConnect' event to tls.CleartextStream.

Fixes #1467.
 2011-10-15 19:27:21 +09:00
koichik
19a855382c tls: requestCert unusable with Firefox and Chrome 
Fixes #1516.
 2011-10-15 00:54:46 +09:00
Logan Smyth
bc0a552a84 docs: Fix merge error in tls docs 
Fixes #1648.
 2011-09-05 00:48:35 +09:00
Ryan Dahl
8320af7ef3 Merge remote branch 'origin/v0.4' 
Conflicts:
	doc/api/tls.markdown
 2011-08-17 13:25:44 -07:00
Fedor Indutny
c0d8311f6b small NPN doc fix 
Fixes #1522.
 2011-08-14 02:51:35 +09:00
koichik
d1a2628499 Doc improvements 
related to #1472.
 2011-08-12 02:00:42 +09:00
Fedor Indutny
942f8b5afb Add NPN and SNI documentation. 
Fixes #1420.
Fixes #1426.
 2011-08-10 09:44:35 -07:00
Ben Noordhuis
54bb53bf32 docs: fix typo in tls API docs 2011-08-07 23:30:03 +02:00
Logan Smyth
3056c2ca76 Add documentation for SecurePair and its 'secure' event. 
Fixes #1443.
 2011-08-06 23:31:17 +09:00
Ryan Dahl
1768c72135 Add doc note about STARTTLS 2011-03-29 09:58:50 -07:00
Ryan Dahl
839fb8e19b typos 2011-02-24 16:36:43 -08:00
Ryan Dahl
c9e5cfcc34 Random doc fixes 2010-12-11 02:32:48 -08:00
Ryan Dahl
5bdcec67f0 Add docs for tls.connect() 2010-12-11 02:26:48 -08:00
Ryan Dahl
9a7fb3c988 Add tls.Server docs 2010-12-08 13:22:12 -08:00