Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

Commit

Permalink
tls: make cipher list configurable
Browse files Browse the repository at this point in the history
options.ciphers existed but didn't work, the cipher list was effectively
hard-coded to RC4-SHA:AES128-SHA:AES256-SHA.

Fixes #2066.
  • Loading branch information
bnoordhuis committed Nov 16, 2011
1 parent 44314cc commit 5e3b009
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 4 deletions.
5 changes: 1 addition & 4 deletions lib/tls.js
Original file line number Diff line number Diff line change
Expand Up @@ -849,15 +849,13 @@ function Server(/* [options], listener */) {
passphrase: self.passphrase,
cert: self.cert,
ca: self.ca,
ciphers: self.ciphers,
ciphers: self.ciphers || 'RC4-SHA:AES128-SHA:AES256-SHA',
secureProtocol: self.secureProtocol,
secureOptions: self.secureOptions,
crl: self.crl,
sessionIdContext: self.sessionIdContext
});

sharedCreds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');

// constructor call
net.Server.call(this, function(socket) {
var creds = crypto.createCredentials(null, sharedCreds.context);
Expand Down Expand Up @@ -1017,7 +1015,6 @@ exports.connect = function(port /* host, options, cb */) {
var socket = new net.Stream();

var sslcontext = crypto.createCredentials(options);
//sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');

convertNPNProtocols(options.NPNProtocols, this);
var pair = new SecurePair(sslcontext, false, true, false,
Expand Down
61 changes: 61 additions & 0 deletions test/simple/test-tls-set-ciphers.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.

var common = require('../common');
var assert = require('assert');
var exec = require('child_process').exec;
var tls = require('tls');
var fs = require('fs');

if (process.platform === 'win32') {
console.log("Skipping test, you probably don't have openssl installed.");
process.exit();
}

var options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
ciphers: 'NULL-MD5' // it's ultra-fast!
};

var reply = 'I AM THE WALRUS'; // something recognizable
var nconns = 0;
var response = '';

process.on('exit', function() {
assert.equal(nconns, 1);
assert.notEqual(response.indexOf(reply), -1);
});

var server = tls.createServer(options, function(conn) {
conn.end(reply);
nconns++;
});

server.listen(common.PORT, '127.0.0.1', function() {
var cmd = 'openssl s_client -cipher NULL-MD5 -connect 127.0.0.1:' + common.PORT;

exec(cmd, function(err, stdout, stderr) {
if (err) throw err;
response = stdout;
server.close();
});
});

0 comments on commit 5e3b009

Please sign in to comment.