mirror of
https://github.com/nodejs/node.git
synced 2024-12-01 16:10:02 +01:00
5fe81c8aff
This aligns the documentation with reality. This API never did what Node
claims it did.
The SSL_CIPHER_get_version function just isn't useful. In OpenSSL 1.0.2,
it always returned the string "TLSv1/SSLv3" for anything but SSLv2
ciphers, which Node does not support. Note how test-tls-multi-pfx.js
claims that ECDHE-ECDSA-AES256-GCM-SHA384 was added in TLSv1/SSLv3 which
is not true. That cipher is new as of TLS 1.2. The OpenSSL 1.0.2
implementation is:
char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
{
int i;
if (c == NULL)
return ("(NONE)");
i = (int)(c->id >> 24L);
if (i == 3)
return ("TLSv1/SSLv3");
else if (i == 2)
return ("SSLv2");
else
return ("unknown");
}
In OpenSSL 1.1.0, SSL_CIPHER_get_version changed to actually behave as
Node documented it, but this changes the semantics of the function and
breaks tests. The cipher's minimum protocol version is not a useful
notion to return to the caller here, so just hardcode the string at
"TLSv1/SSLv3" and document it as legacy.
PR-URL: https://github.com/nodejs/node/pull/16130
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
|
||
|---|---|---|
| .. | ||
| api | ||
| api_assets | ||
| changelogs | ||
| guides | ||
| .eslintrc.yaml | ||
| first_timer_badge.png | ||
| full-white-stripe.jpg | ||
| node.1 | ||
| onboarding-extras.md | ||
| onboarding.md | ||
| osx_installer_logo.png | ||
| releases.md | ||
| STYLE_GUIDE.md | ||
| template.html | ||
| thin-white-stripe.jpg | ||
