Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

Commit

Permalink
tls: type checking on getCipherList, improve docs and test
Browse files Browse the repository at this point in the history
Per Julian's feedback, add type and count checking on the input
to getLegacyCiphers, fill out the docs to make behavior and type
more explicit, expand the test cases to cover the additional
failure cases.
  • Loading branch information
jasnell committed Apr 15, 2015
1 parent 8496600 commit b068eb6
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 0 deletions.
20 changes: 20 additions & 0 deletions doc/api/tls.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,14 @@ Currently, the values supported for the `enable-legacy-cipher-list` switch and

ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

Note that the `--enable-legacy-cipher-list`, `NODE_LEGACY_CIPHER_LIST`,
`--cipher-list` and `NODE_CIPHER_LIST` options are mutually exclusive. Only one
should be used at a time. If multiple happen to be used, the
`NODE_LEGACY_CIPHER_LIST` environment variable will take precedence, followed
in order by the `NODE_CIPHER_LIST` environment variable, the
`--enable-legacy-cipher-list` command line option, and finally the
`--cipher-list` command line option.

These legacy cipher suites are also made available for use via the
`getLegacyCiphers()` method:

Expand All @@ -174,6 +182,18 @@ Example:
console.log(ciphers); // ['AES128-SHA', 'AES256-SHA', ...]


## tls.getLegacyCiphers(version)

Returns a default cipher list used in a previous version of Node.js. The
version parameter must be a string whose value identifies previous Node.js
release version. The only value currently supported is `v0.10.38`.

A TypeError will be thrown if: (a) the `version` is any type other than a
string, (b) the `version` parameter is not specified, or (c) additional
parameters are passed in. An Error will be thrown if the `version` parameter is
passed in as a string but the value does not correlate to any known Node.js
release for which a default cipher list is available.

## tls.createServer(options, [secureConnectionListener])

Creates a new [tls.Server][]. The `connectionListener` argument is
Expand Down
4 changes: 4 additions & 0 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -4199,6 +4199,10 @@ const char* ToCString(const node::Utf8Value& value) {

Handle<Value> DefaultCiphers(const Arguments& args) {
HandleScope scope;
unsigned int len = args.Length();
if (len != 1 || !args[0]->IsString()) {
return ThrowException(Exception::TypeError(String::New("A single string parameter is required")));
}
node::Utf8Value key(args[0]);
const char * list = legacy_cipher_list(ToCString(key));
if (list != NULL) {
Expand Down
8 changes: 8 additions & 0 deletions test/simple/test-tls-cipher-list.js
Original file line number Diff line number Diff line change
Expand Up @@ -69,5 +69,13 @@ doTest('ABC', 'ABC', 1); // test the --cipher-list switch
doTest(tls.getLegacyCiphers(ver), ver, 3);
});

// invalid value
assert.throws(function() {tls.getLegacyCiphers('foo');});
// no parameters
assert.throws(function() {tls.getLegacyCiphers();});
// not a string parameter
assert.throws(function() {tls.getLegacyCiphers(1);});
// too many parameters
assert.throws(function() {tls.getLegacyCiphers('abc', 'extra');});
// ah, just right
assert.doesNotThrow(function() {tls.getLegacyCiphers('v0.10.38');});

0 comments on commit b068eb6

Please sign in to comment.