0
0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
Commit Graph

100 Commits

Author SHA1 Message Date
Ben Noordhuis
3415427dbf tls: mitigate session renegotiation attacks
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
2012-02-16 18:15:21 +01:00
koichik
b19b8836c3 tls: Allow establishing secure connection on the existing socket 2012-02-14 11:53:05 -08:00
koichik
534df2f8d2 tls: fix double 'error' events on HTTPS Requests
Fixes #2549.
2012-01-17 17:09:27 +01:00
koichik
07c27e040e tls: Fix node swallows openssl error on request
Fixes #2308.
Fixes #2246.
2011-12-21 19:48:15 +01:00
Ben Noordhuis
7a7f1062bf tls: remove duplicate assignment 2011-12-21 15:01:07 +01:00
koichik
5451ba3aa8 tls: fix https with fs.openReadStream hangs
Fixes #2185.
Fixes #2198.
2011-11-27 16:31:45 +09:00
Ben Noordhuis
5e3b0095de tls: make cipher list configurable
options.ciphers existed but didn't work, the cipher list was effectively
hard-coded to RC4-SHA:AES128-SHA:AES256-SHA.

Fixes #2066.
2011-11-17 00:01:41 +01:00
koichik
f53d092a2a tls, https: add passphrase option
Fixes #1925.
2011-10-31 17:36:43 +09:00
koichik
cbcaeedba9 tls: add address(), remoteAddress/remotePort
Fixes #758.
Fixes #1055.
2011-10-27 00:28:16 +09:00
koichik
0e8a55d2a2 tls: does not emit 'end' from EncryptedStream
de09168 and 4cdf9d4 breaks `test/pummel/test-https-large-response.js`.
It is never finished.

Fixes #1936.
2011-10-27 00:18:29 +09:00
Ryan Dahl
493d3b9f7c Merge remote branch 'origin/v0.4'
Conflicts:
	ChangeLog
	Makefile
	deps/libev/wscript
	doc/index.html
	doc/template.html
	lib/net.js
	src/node_version.h
	src/platform_cygwin.cc
	test/pummel/test-net-write-callbacks.js
	test/simple/test-buffer.js
2011-10-21 18:02:30 -07:00
Ryan Dahl
de09168e5a Emit 'end' from crypto streams on close
Fixes test/simple/test-tls-peer-certificate.js on Windows

Patch from bnoordhuis.

See also 75a0cf970f
2011-10-21 13:16:41 -07:00
koichik
68cc173c6d tls: The TLS API is inconsistent with the TCP API
Add 'secureConnect' event to tls.CleartextStream.

Fixes #1467.
2011-10-15 19:27:21 +09:00
koichik
19a855382c tls: requestCert unusable with Firefox and Chrome
Fixes #1516.
2011-10-15 00:54:46 +09:00
koichik
4cdf9d4158 tls: Improve TLS flow control
Fixes #1775.
2011-09-30 15:44:45 +09:00
Ben Noordhuis
243c218c7a tls: remove superfluous setOptions() call 2011-09-19 16:28:22 +02:00
Sean Cunningham
eb99083d0b tls: add client-side session resumption support 2011-09-07 20:01:14 +02:00
koichik
6f60683802 tls: x509 certificate subject parsing fail
Fixes #1568.
2011-08-31 03:47:23 +09:00
Fedor Indutny
942f8b5afb Add NPN and SNI documentation.
Fixes #1420.
Fixes #1426.
2011-08-10 09:44:35 -07:00
Fedor Indutny
9010f5fbab Add support for TLS SNI
Fixes #1411
2011-07-29 16:57:28 -07:00
Robert Mustacchi
de0b8d601c jslint cleanup: path.js, readline.js, repl.js, tls.js, tty_win32.js, url.js 2011-07-29 11:58:02 -07:00
Ryan Dahl
041c983290 Merge branch 'v0.4'
Conflicts:
	deps/libev/wscript
	doc/api/modules.markdown
2011-07-14 15:52:08 -07:00
Stefan Rusu
901ebed8ff Fixes #1304. The Connection instance may be destroyed by abort() when process.nextTick is executed. 2011-07-15 00:32:46 +09:00
Ryan Dahl
59274e8a33 Merge branch 'v0.4'
Conflicts:
	lib/crypto.js
	lib/tls.js
2011-05-20 10:29:16 -07:00
Ryan Dahl
9c7f89bf56 CryptoStream.prototype.readyState shoudn't reference fd
Fixes #1069
2011-05-20 10:20:22 -07:00
Fedor Indutny
21724ecaec Share SSL context between server connections
Fixes #1073.
2011-05-19 14:45:42 -07:00
Ryan Dahl
85bc8d02fa Merge branch 'v0.4'
Conflicts:
	src/node_crypto.cc
2011-05-16 19:29:02 -07:00
Felix Geisendörfer
1fde5f51b4 Make https 'timeout' events bubble up
Also adds a test case for it.
2011-05-14 13:38:04 -07:00
isaacs
205b9beb6b Merge branch 'v0.4'
Conflicts:
	lib/tls.js
	lib/url.js
	src/node_version.h
	test/simple/test-buffer.js
	test/simple/test-url.js
2011-05-07 20:38:32 -07:00
Ryan Dahl
55bff5bab9 TLS: simplify logic 2011-05-06 17:06:36 -07:00
Ryan Dahl
75a0cf970f cleartextstream.destroy() should destroy socket.
This fixes a critical bug see in MJR's production. Very difficult to build a
test case. Sometimes HTTPS server gets sockets that are hanging in a
half-duplex state.
2011-05-02 15:03:50 -07:00
Fedor Indutny
c9b40da368 OpenSSL NPN in node.js
closes #926.
2011-04-19 11:32:26 -07:00
Ryan Dahl
9e6498d5fa Merge branch 'v0.4'
Conflicts:
	src/node_version.h
2011-04-18 18:58:16 -07:00
Ryan Dahl
bb621f7c2e CryptoStream.write returns false when queue > 128kb
Previously the return value of write was dependent on if it was paused or
not which was causing a strange error demoed in the previous commit.

Fixes #892
2011-04-13 20:32:46 -07:00
Ryan Dahl
050bbf0bc4 TLS use RC4-SHA by default 2011-04-13 18:43:08 -07:00
Theo Schlossnagle
d6f5b8a2a6 allow setting of ciphers in credentials
fixes #873
2011-04-13 18:35:39 -07:00
Theo Schlossnagle
2a88dd3bc1 TLS: Add secureOptions flag
Also, secureOptions flag was added (and passed through) and allows
the context to have all supported SSL_OP_* set via createCredentials.
All SSL_OP_ flags (outside of ALL) have been added to constants.
2011-04-13 18:25:33 -07:00
Theo Schlossnagle
d0e84b0088 Pass secureProtocol through on tls.Server creation
The secureProtocol option to building the SSL context was not being properly
passed through in the credentials in the tls code. This is fixed.
2011-04-13 17:49:50 -07:00
Ryan Dahl
c0b461d9a1 Increase TLS pool size for perf increase 2011-03-28 17:37:14 -07:00
Ryan Dahl
7e28630f5e Fix GH-820. CryptoStream.end shouldn't throw if not writable
This matches the behavior of net.Socket
2011-03-21 14:36:49 -07:00
Ryan Dahl
55048cdf79 Update copyright headers 2011-03-14 17:37:05 -07:00
Theo Schlossnagle
e3925b741c TLS: Finer locks on _cycle.
Data being sent out of order.
2011-03-14 12:05:25 -07:00
Ryan Dahl
62f06fb885 CryptoStream.prototype.destroySoon shouldn't die if not writable 2011-03-09 10:53:06 -08:00
Ryan Dahl
a2f498a5ef Revert "Add extra debug print statement to tls.js"
This reverts commit 340291c085.

sometimes circular. would break node_g tests.
2011-02-24 15:59:40 -08:00
Ryan Dahl
340291c085 Add extra debug print statement to tls.js 2011-02-23 16:38:30 -08:00
Ryan Dahl
ab144f4843 Add TODO item 2011-02-23 04:43:13 -08:00
Ryan Dahl
c2a62951f6 TLS sockets should not be writable after 'end'
Closes GH-694.
2011-02-19 18:25:15 -08:00
Ryan Dahl
19b4c27ebf TLS: Make _cycle reentrant. 2011-02-16 18:10:53 -08:00
Ryan Dahl
c365f56061 https was missing 'end' event sometimes
Closes GH-671.
2011-02-15 17:13:53 -08:00
Theo Schlossnagle
01a864a29d TLS: CRL support
Needs more tests.
2011-02-10 00:49:15 -08:00