This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
[doc] tls add secureOptions documentation #8553
Closed
LGTM, thank you!

indutny pushed a commit that referenced this pull request Oct 15, 2014
PR-URL: #8553 Reviewed-By: Fedor Indutny <[email protected]>

Landed in 6a95e9f, thank you!

Go ahead for it! :)

mscdex pushed a commit to mscdex/node that referenced this pull request Dec 25, 2014
PR-URL: nodejs#8553 Reviewed-By: Fedor Indutny <[email protected]>

piscisaureus added a commit to nodejs/node that referenced this pull request Jan 10, 2015
Squashed commit of the following:

commit 63d21f3e020f4488357629b6303784f0b3a14a7c
Author: Timothy J Fontaine <[email protected]>
Date: Wed Oct 22 12:14:10 2014 -0700

    tls: enforce secureOptions on incoming clients

    Reuse the secureProtocol and secureOptions of the server when creating the secure context for incoming clients.

commit c67fa4b5370f24669744fc361385d25e8016a3d8
Author: Timothy J Fontaine <[email protected]>
Date: Wed Oct 22 10:27:56 2014 -0700

    tls: honorCipherOrder should not degrade defaults

    Specifying honorCipherOrder should not change the SSLv2/SSLv3 defaults for a TLS server. Use secureOptions logic in both lib/tls.js and lib/crypto.js

commit 4d0c1efa6ecab6a3a5be6001d9a9f508ffd1e2a6
Author: Fedor Indutny <[email protected]>
Date: Sat Oct 18 04:47:05 2014 +0400

    crypto: allow forcing SSLv2/v3 via secureProtocol

    Force-enable SSLv2/v3 when `secureProtocol` is explicitly set to `SSLv2_method` or `SSLv3_method`. see discussion at #8551

commit 9d0af935a10ce2bf27ddc3dd529d832e1a982998
Author: Timothy J Fontaine <[email protected]>
Date: Fri Oct 17 15:16:26 2014 -0700

    crypto: move disabling SSLv2/3 into JavaScript

commit 88f34ac3e9b3b9248c52551dac414e4c8aeaf789
Author: Timothy J Fontaine <[email protected]>
Date: Fri Oct 17 15:15:45 2014 -0700

    doc: clarify poodle mitigation

commit 1ad00e0cb3e123adc78a4c2ed7f159c06d247dee
Author: Alexis Campailla <[email protected]>
Date: Thu Oct 16 18:45:47 2014 +0200

    crypto: extra caution in setting ssl options

    Always set ssl2/ssl3 disabled based on whether they are enabled in Node. In some corner-case scenario, node with OPENSSL_NO_SSL3 defined could be linked to openssl that has SSL3 enabled.

commit cf8a621dd3f5122bce3dabd2c671a6a60203a2c9
Author: Timothy J Fontaine <[email protected]>
Date: Wed Oct 15 13:56:40 2014 -0700

    crypto: allow runtime opt in using SSLv2/SSLv3

    This change disables SSLv2/SSLv3 use by default, and introduces a command line flag to opt into using SSLv2/SSLv3.

    SSLv2 and SSLv3 are considered unsafe, and should only be used in situations where compatibility with other components is required and they cannot be upgraded to support newer forms of TLS.

commit 262de7a7f090c59641b8f5b2bba2f8db4ccdab6e
Author: Timothy J Fontaine <[email protected]>
Date: Wed Oct 15 14:48:05 2014 -0700

    build: revert change to disable ssl2 and ssl3

commit 564cacb47c1de16698188e8991a0d55eaf36b7a2
Author: Fedor Indutny <[email protected]>
Date: Wed Oct 15 19:28:16 2014 +0400

    doc: document why SSL2/SSL3 is disabled

    PR-URL: nodejs/node-v0.x-archive#8551
    Reviewed-By: Ben Noordhuis <[email protected]>

commit ac49f04896cbb7564bdd2a8cc955d62de7071f5a
Author: Fedor Indutny <[email protected]>
Date: Wed Oct 15 12:58:01 2014 +0400

    configure: disable ssl2/ssl3 by default

    PR-URL: nodejs/node-v0.x-archive#8551
    Reviewed-By: Ben Noordhuis <[email protected]>

commit cad51a32b0102a074a85929e98c07b754edaaa54
Author: Swaagie <[email protected]>
Date: Wed Oct 15 11:08:33 2014 +0200

    tls add secureOptions documentation

    PR-URL: nodejs/node-v0.x-archive#8553
    Reviewed-By: Fedor Indutny <[email protected]>
In relation to POODLE, secureOptions has been around for a while and provides more usefulness.
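
An added illustration, not code from this pull request or from Node's source: a small audit of a `tls` options object against the behaviour the commits above describe, where `secureOptions` flags disable SSLv2/SSLv3 and an explicit `secureProtocol` of `SSLv2_method` or `SSLv3_method` forces them back on. The helper names (`forcedLegacyProtocol`, `auditTlsOptions`, `hardenTlsOptions`) are hypothetical, the `_client`/`_server` method variants are an assumption beyond the two names on the page, and the sample options are constructed.

```javascript
// Added example, not Node's own code. Helper names are hypothetical.
const { constants } = require('crypto');

// A flag that is 0 or undefined means the linked OpenSSL no longer has that
// protocol at all, so there is nothing left to disable.
const LEGACY = [
  { name: 'SSLv2', flag: constants.SSL_OP_NO_SSLv2 || 0 },
  { name: 'SSLv3', flag: constants.SSL_OP_NO_SSLv3 || 0 },
];

// Matches SSLv2_method / SSLv3_method and their _client / _server variants.
function forcedLegacyProtocol(secureProtocol) {
  const m = /^(SSLv[23])(?:_client|_server)?_method$/.exec(secureProtocol || '');
  return m ? m[1] : null;
}

// Returns human-readable findings; an empty array means the options neither
// force a legacy protocol nor leave its SSL_OP_NO_* flag unset.
function auditTlsOptions(options) {
  const findings = [];
  const mask = options.secureOptions || 0;
  const forced = forcedLegacyProtocol(options.secureProtocol);
  for (const { name, flag } of LEGACY) {
    if (forced === name) {
      findings.push(`${name}: forced on by secureProtocol=${options.secureProtocol}`);
    } else if (flag !== 0 && (mask & flag) !== flag) {
      findings.push(`${name}: SSL_OP_NO_${name} not set in secureOptions`);
    }
  }
  return findings;
}

// Returns a copy with both flags set and any legacy secureProtocol dropped.
function hardenTlsOptions(options) {
  const hardened = Object.assign({}, options);
  if (forcedLegacyProtocol(hardened.secureProtocol)) delete hardened.secureProtocol;
  for (const { flag } of LEGACY) {
    hardened.secureOptions = (hardened.secureOptions || 0) | flag;
  }
  return hardened;
}

// Constructed sample: a server config that pins SSLv3 for a legacy peer.
const sample = { secureProtocol: 'SSLv3_method', honorCipherOrder: true };
console.log(auditTlsOptions(sample));
console.log(auditTlsOptions(hardenTlsOptions(sample)));
```

The audit reports whether the flags are set explicitly in the options object; it does not probe what the running Node build enables by default.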