tls: enforce secureOptions on incoming clients

Reuse the secureProtocol and secureOptions of the server when creating the secure context for incoming clients.
nodejs · Oct 23, 2014 · 69080f5 · 69080f5
1 parent b9283cf
commit 69080f5
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lib/tls.js b/lib/tls.js
@@ -1145,7 +1145,12 @@ function Server(/* [options], listener */) {
 
   // constructor call
   net.Server.call(this, function(socket) {
-    var creds = crypto.createCredentials(null, sharedCreds.context);
+    var connOps = {
+      secureProtocol: self.secureProtocol,
+      secureOptions: self.secureOptions
+    };
+
+    var creds = crypto.createCredentials(connOps, sharedCreds.context);
 
     var pair = new SecurePair(creds,
                               true,