mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 21:19:50 +01:00
1e0b75c3df
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: https://github.com/nodejs/node/issues/36655 Fixes: https://github.com/nodejs/node/issues/49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: https://github.com/nodejs/node/pull/50186 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it>
27 lines
846 B
JavaScript
27 lines
846 B
JavaScript
'use strict';
|
|
const common = require('../common');
|
|
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
const assert = require('assert');
|
|
const tls = require('tls');
|
|
const fixtures = require('../common/fixtures');
|
|
|
|
{
|
|
const options = {
|
|
key: fixtures.readKey('agent11-key.pem'),
|
|
cert: fixtures.readKey('agent11-cert.pem'),
|
|
ciphers: 'DEFAULT'
|
|
};
|
|
|
|
// Should throw error as key is too small because openssl v3 doesn't allow it
|
|
assert.throws(() => tls.createServer(options, common.mustNotCall()),
|
|
/key too small/i);
|
|
|
|
// Reducing SECLEVEL to 0 in ciphers retains compatibility with previous versions of OpenSSL like using a small key.
|
|
// As ciphers are getting set before the cert and key get loaded.
|
|
options.ciphers = 'DEFAULT:@SECLEVEL=0';
|
|
assert.ok(tls.createServer(options, common.mustNotCall()));
|
|
}
|