From af78840b194528a147e4683aed27a320f9764ea5 Mon Sep 17 00:00:00 2001
From: Hativ <Hativ@users.noreply.github.com>
Date: Tue, 7 Nov 2017 00:08:22 +0100
Subject: [PATCH] tls: set ecdhCurve default to 'auto'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For best out-of-the-box compatibility there should not be one default
`ecdhCurve` for the tls client, OpenSSL should choose them
automatically.

See https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)

PR-URL: https://github.com/nodejs/node/pull/16853
Refs: https://github.com/nodejs/node/issues/16196
Refs: https://github.com/nodejs/node/issues/1495
Refs: https://github.com/nodejs/node/pull/15206
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
---
 doc/api/tls.md                                       | 5 +----
 lib/tls.js                                           | 2 +-
 test/parallel/test-tls-client-getephemeralkeyinfo.js | 2 +-
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/doc/api/tls.md b/doc/api/tls.md
index 4274c36d20d0e0..bba044a36d46e3 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -1164,8 +1164,7 @@ added: v0.11.13
 -->
 
 The default curve name to use for ECDH key agreement in a tls server. The
-default value is `'prime256v1'` (NIST P-256). Consult [RFC 4492] and
-[FIPS.186-4] for more details.
+default value is `'auto'`. See [`tls.createSecureContext()`] for further information.
 
 
 ## Deprecated APIs
@@ -1296,13 +1295,11 @@ where `secure_socket` has the same API as `pair.cleartext`.
 [Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites
 [DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
 [ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
-[FIPS.186-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
 [Forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy
 [OCSP request]: https://en.wikipedia.org/wiki/OCSP_stapling
 [OpenSSL Options]: crypto.html#crypto_openssl_options
 [OpenSSL cipher list format documentation]: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT
 [Perfect Forward Secrecy]: #tls_perfect_forward_secrecy
-[RFC 4492]: https://www.rfc-editor.org/rfc/rfc4492.txt
 [SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_timeout.html
 [SSL_METHODS]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS
 [Stream]: stream.html#stream_stream
diff --git a/lib/tls.js b/lib/tls.js
index a82535df618f99..5b20cade2e3b3b 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -45,7 +45,7 @@ exports.SLAB_BUFFER_SIZE = 10 * 1024 * 1024;
 exports.DEFAULT_CIPHERS =
     process.binding('constants').crypto.defaultCipherList;
 
-exports.DEFAULT_ECDH_CURVE = 'prime256v1';
+exports.DEFAULT_ECDH_CURVE = 'auto';
 
 exports.getCiphers = internalUtil.cachedResult(
   () => internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true)
diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/parallel/test-tls-client-getephemeralkeyinfo.js
index fcb93aa3b6fe0b..d62e1ac0e176ce 100644
--- a/test/parallel/test-tls-client-getephemeralkeyinfo.js
+++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js
@@ -80,7 +80,7 @@ function testDHE2048() {
 }
 
 function testECDHE256() {
-  test(256, 'ECDH', tls.DEFAULT_ECDH_CURVE, testECDHE512);
+  test(256, 'ECDH', 'prime256v1', testECDHE512);
   ntests++;
 }