Skip to content

Commit

Permalink
Accept the maxVersion and minVersion properties in connection ssl option
Browse files Browse the repository at this point in the history
fixes #2301
closes #2304
  • Loading branch information
Alex Burley authored and dougwilson committed Mar 13, 2022
1 parent 281d935 commit dc9c152
Show file tree
Hide file tree
Showing 7 changed files with 180 additions and 1 deletion.
1 change: 1 addition & 0 deletions Changes.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ you spot any mistakes.

## HEAD

* Accept the `maxVersion` and `minVersion` properties in connection `ssl` option #2301 #2304
* Support Node.js 14.x
* Support Node.js 15.x
* Support Node.js 16.x
Expand Down
4 changes: 4 additions & 0 deletions Readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -280,6 +280,10 @@ following options:
* `ciphers`: The ciphers to use to use in the SSL handshake instead of the default ones for Node.js. This
is passed as the `ciphers` option for [`tls.createSecureContext()`] call (or underlying [`crypto.createCredentials()`]
if using Node.js below 0.12).
* `maxVersion`: This is passed as the `maxVersion` option for the underlying [`tls.createSecureContext()`]
call.
* `minVersion`: This is passed as the `minVersion` option for the underlying [`tls.createSecureContext()`]
call.
* `key`: This is passed as the `key` option for [`tls.createSecureContext()`] call (or underlying
[`crypto.createCredentials()`] if using Node.js below 0.12).
* `passphrase`: This is passed as the `passphrase` option for [`tls.createSecureContext()`] call (or
Expand Down
4 changes: 3 additions & 1 deletion lib/Connection.js
Original file line number Diff line number Diff line change
Expand Up @@ -306,7 +306,7 @@ if (tls.TLSSocket) {
});

// cleartext <-> protocol
secureSocket.pipe(connection._protocol);
secureSocket.pipe(connection._protocol, { end: false });
connection._protocol.on('data', function(data) {
secureSocket.write(data);
});
Expand Down Expand Up @@ -465,6 +465,8 @@ function createSecureContext (config, cb) {
cert : config.ssl.cert,
ciphers : config.ssl.ciphers,
key : config.ssl.key,
maxVersion : config.ssl.maxVersion,
minVersion : config.ssl.minVersion,
passphrase : config.ssl.passphrase
});
} catch (err) {
Expand Down
42 changes: 42 additions & 0 deletions test/unit/connection/test-connection-ssl-max-version-accept.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
var assert = require('assert');
var common = require('../../common');
var tls = require('tls');

if (!tls.createSecureContext) {
common.skipTest('node ' + process.version + ' does not support tls.createSecureContext()');
}

if (!tls.DEFAULT_MAX_VERSION) {
common.skipTest('node ' + process.version + ' does not support tls maxVersion');
}

var server = common.createFakeServer({
ssl: {
maxVersion : tls.DEFAULT_MAX_VERSION,
minVersion : tls.DEFAULT_MAX_VERSION
}
});

server.listen(0, function (err) {
assert.ifError(err);

var connection = common.createConnection({
port : server.port(),
ssl : {
ca : common.getSSLConfig().ca,
maxVersion : tls.DEFAULT_MAX_VERSION
}
});

connection.connect(function (err) {
assert.ifError(err);
connection.destroy();
server.destroy();
});
});

server.on('connection', function (incomingConnection) {
incomingConnection.handshake({
serverCapabilities1: common.ClientConstants.CLIENT_SSL
});
});
44 changes: 44 additions & 0 deletions test/unit/connection/test-connection-ssl-max-version-reject.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
var assert = require('assert');
var common = require('../../common');
var tls = require('tls');

if (!tls.createSecureContext) {
common.skipTest('node ' + process.version + ' does not support tls.createSecureContext()');
}

if (!tls.DEFAULT_MAX_VERSION) {
common.skipTest('node ' + process.version + ' does not support tls maxVersion');
}

var server = common.createFakeServer({
ssl: {
maxVersion : tls.DEFAULT_MAX_VERSION,
minVersion : tls.DEFAULT_MAX_VERSION
}
});

server.listen(0, function (err) {
assert.ifError(err);

var connection = common.createConnection({
port : server.port(),
ssl : {
ca : common.getSSLConfig().ca,
maxVersion : tls.DEFAULT_MIN_VERSION
}
});

connection.connect(function (err) {
assert.ok(err);
assert.strictEqual(err.code, 'HANDSHAKE_SSL_ERROR');
assert.strictEqual(err.fatal, true);
connection.destroy();
server.destroy();
});
});

server.on('connection', function (incomingConnection) {
incomingConnection.handshake({
serverCapabilities1: common.ClientConstants.CLIENT_SSL
});
});
42 changes: 42 additions & 0 deletions test/unit/connection/test-connection-ssl-min-version-accept.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
var assert = require('assert');
var common = require('../../common');
var tls = require('tls');

if (!tls.createSecureContext) {
common.skipTest('node ' + process.version + ' does not support tls.createSecureContext()');
}

if (!tls.DEFAULT_MIN_VERSION) {
common.skipTest('node ' + process.version + ' does not support tls minVersion');
}

var server = common.createFakeServer({
ssl: {
maxVersion : tls.DEFAULT_MIN_VERSION,
minVersion : tls.DEFAULT_MIN_VERSION
}
});

server.listen(0, function (err) {
assert.ifError(err);

var connection = common.createConnection({
port : server.port(),
ssl : {
ca : common.getSSLConfig().ca,
minVersion : tls.DEFAULT_MIN_VERSION
}
});

connection.connect(function (err) {
assert.ifError(err);
connection.destroy();
server.destroy();
});
});

server.on('connection', function (incomingConnection) {
incomingConnection.handshake({
serverCapabilities1: common.ClientConstants.CLIENT_SSL
});
});
44 changes: 44 additions & 0 deletions test/unit/connection/test-connection-ssl-min-version-reject.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
var assert = require('assert');
var common = require('../../common');
var tls = require('tls');

if (!tls.createSecureContext) {
common.skipTest('node ' + process.version + ' does not support tls.createSecureContext()');
}

if (!tls.DEFAULT_MIN_VERSION) {
common.skipTest('node ' + process.version + ' does not support tls minVersion');
}

var server = common.createFakeServer({
ssl: {
maxVersion : tls.DEFAULT_MIN_VERSION,
minVersion : tls.DEFAULT_MIN_VERSION
}
});

server.listen(0, function (err) {
assert.ifError(err);

var connection = common.createConnection({
port : server.port(),
ssl : {
ca : common.getSSLConfig().ca,
minVersion : tls.DEFAULT_MAX_VERSION
}
});

connection.connect(function (err) {
assert.ok(err);
assert.strictEqual(err.code, 'HANDSHAKE_SSL_ERROR');
assert.strictEqual(err.fatal, true);
connection.destroy();
server.destroy();
});
});

server.on('connection', function (incomingConnection) {
incomingConnection.handshake({
serverCapabilities1: common.ClientConstants.CLIENT_SSL
});
});

0 comments on commit dc9c152

Please sign in to comment.