feat(ssl): adds missing ssl options ssl options for ciphers and `ec…

…dhCurve` Adds missingssl options that are required for mongodb-core to establish ssl handshake with mongo server which is used certificate with ECDH curve Ports #1579 to 3.0.0
mongodb · Dec 5, 2017 · 441b7b1 · 441b7b1
1 parent f9f2b69
commit 441b7b1
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/lib/topologies/mongos.js b/lib/topologies/mongos.js
@@ -47,6 +47,8 @@ var legalOptionNames = [
   'sslCA',
   'sslCRL',
   'sslCert',
+  'ciphers',
+  'ecdhCurve',
   'sslKey',
   'sslPass',
   'socketOptions',
@@ -86,6 +88,8 @@ var legalOptionNames = [
  * @param {object} [options.sslValidate=true] Validate mongod server certificate against ca (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {array} [options.sslCA=null] Array of valid certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {array} [options.sslCRL=null] Array of revocation certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
+ * @param {string} [options.ciphers=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
+ * @param {string} [options.ecdhCurve=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
  * @param {(Buffer|string)} [options.sslCert=null] String or buffer containing the certificate we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {(Buffer|string)} [options.sslKey=null] String or buffer containing the certificate private key we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {(Buffer|string)} [options.sslPass=null] String or buffer containing the certificate password (needs to have a mongod server with ssl support, 2.4 or higher)

diff --git a/lib/topologies/replset.js b/lib/topologies/replset.js
@@ -49,6 +49,8 @@ var legalOptionNames = [
   'sslValidate',
   'sslCA',
   'sslCert',
+  'ciphers',
+  'ecdhCurve',
   'sslCRL',
   'sslKey',
   'sslPass',
@@ -96,7 +98,9 @@ var legalOptionNames = [
  * @param {object} [options.sslValidate=true] Validate mongod server certificate against ca (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {array} [options.sslCA=null] Array of valid certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {array} [options.sslCRL=null] Array of revocation certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
- * @param {(Buffer|string)} [options.sslCert=null] String or buffer containing the certificate we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
+ * @param {(Buffer|string)} [options.sslCert=null] String or buffer containing the certificate we wish to present (needs to have a mongod server with ssl support, 2.4 or higher.
+ * @param {string} [options.ciphers=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
+ * @param {string} [options.ecdhCurve=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
  * @param {(Buffer|string)} [options.sslKey=null] String or buffer containing the certificate private key we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {(Buffer|string)} [options.sslPass=null] String or buffer containing the certificate password (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {string} [options.servername=null] String containing the server name requested via TLS SNI.

diff --git a/lib/topologies/server.js b/lib/topologies/server.js
@@ -44,6 +44,8 @@ var legalOptionNames = [
   'sslCA',
   'sslCRL',
   'sslCert',
+  'ciphers',
+  'ecdhCurve',
   'sslKey',
   'sslPass',
   'socketOptions',
@@ -86,6 +88,8 @@ var legalOptionNames = [
  * @param {array} [options.sslCA=null] Array of valid certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {array} [options.sslCRL=null] Array of revocation certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {(Buffer|string)} [options.sslCert=null] String or buffer containing the certificate we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
+ * @param {string} [options.ciphers=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
+ * @param {string} [options.ecdhCurve=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
  * @param {(Buffer|string)} [options.sslKey=null] String or buffer containing the certificate private key we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {(Buffer|string)} [options.sslPass=null] String or buffer containing the certificate password (needs to have a mongod server with ssl support, 2.4 or higher)
  * @param {string} [options.servername=null] String containing the server name requested via TLS SNI.