mirror of
https://github.com/nodejs/node.git
synced 2024-12-01 16:10:02 +01:00
5165d71048
SSLv3 is susceptible to downgrade attacks. Provide secure defaults, disable v3 protocol support entirely. PR-URL: https://github.com/iojs/io.js/pull/315 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com>
53 lines
2.1 KiB
JavaScript
53 lines
2.1 KiB
JavaScript
if (!process.versions.openssl) {
|
|
console.error('Skipping because node compiled without OpenSSL.');
|
|
process.exit(0);
|
|
}
|
|
|
|
var common = require('../common');
|
|
var assert = require('assert');
|
|
var tls = require('tls');
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ secureProtocol: 'blargh' });
|
|
}, /Unknown method/);
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ secureProtocol: 'SSLv2_method' });
|
|
}, /SSLv2 methods disabled/);
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ secureProtocol: 'SSLv2_client_method' });
|
|
}, /SSLv2 methods disabled/);
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ secureProtocol: 'SSLv2_server_method' });
|
|
}, /SSLv2 methods disabled/);
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ secureProtocol: 'SSLv3_method' });
|
|
}, /SSLv3 methods disabled/);
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ secureProtocol: 'SSLv3_client_method' });
|
|
}, /SSLv3 methods disabled/);
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ secureProtocol: 'SSLv3_server_method' });
|
|
}, /SSLv3 methods disabled/);
|
|
|
|
// Note that SSLv2 and SSLv3 are disallowed but SSLv2_method and friends are
|
|
// still accepted. They are OpenSSL's way of saying that all known protocols
|
|
// are supported unless explicitly disabled (which we do for SSLv2 and SSLv3.)
|
|
tls.createSecureContext({ secureProtocol: 'SSLv23_method' });
|
|
tls.createSecureContext({ secureProtocol: 'SSLv23_client_method' });
|
|
tls.createSecureContext({ secureProtocol: 'SSLv23_server_method' });
|
|
tls.createSecureContext({ secureProtocol: 'TLSv1_method' });
|
|
tls.createSecureContext({ secureProtocol: 'TLSv1_client_method' });
|
|
tls.createSecureContext({ secureProtocol: 'TLSv1_server_method' });
|
|
tls.createSecureContext({ secureProtocol: 'TLSv1_1_method' });
|
|
tls.createSecureContext({ secureProtocol: 'TLSv1_1_client_method' });
|
|
tls.createSecureContext({ secureProtocol: 'TLSv1_1_server_method' });
|
|
tls.createSecureContext({ secureProtocol: 'TLSv1_2_method' });
|
|
tls.createSecureContext({ secureProtocol: 'TLSv1_2_client_method' });
|
|
tls.createSecureContext({ secureProtocol: 'TLSv1_2_server_method' });
|