
tls: disallow conflicting TLS protocol options

Do not allow the minimum protocol level to be set higher than the max
protocol level.

See: #26951, 109c097

PR-URL: #27521
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
sam-github committed May 1, 2019
1 parent d370d12 commit cb848b4546eeca234ce59434bb8a6bc6a6da4fc4
Showing with 19 additions and 0 deletions.
  1. +5 −0 src/node_options.cc
  2. +14 −0 test/parallel/test-tls-cli-min-max-conflict.js
@@ -148,6 +148,11 @@ void EnvironmentOptions::CheckOptions(std::vector<std::string>* errors) {
errors->push_back("invalid value for --unhandled-rejections");
}

if (tls_min_v1_3 && tls_max_v1_2) {
errors->push_back("either --tls-min-v1.3 or --tls-max-v1.2 can be "
"used, not both");
}

#if HAVE_INSPECTOR
if (!cpu_prof) {
if (!cpu_prof_name.empty()) {
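Review bot: The new `if (tls_min_v1_3 && tls_max_v1_2)` check has no comment explaining why this pair is rejected at startup rather than resolved in favour of one flag. I would put `// A minimum above the maximum leaves no usable protocol range; fail here instead of letting one flag silently override the other.` above it, because if the max flag silently won, a process could negotiate TLS 1.2 when the operator asked for 1.3 only. The condition is hard-coded to these two booleans, so any later `--tls-min-*` or `--tls-max-*` flag would need its own entry here, which the comment could also say. Versions set programmatically are presumably validated elsewhere; this hunk does not show that. CheckOptions starts and ends outside the hunk.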
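--- a/test/parallel/test-tls-cli-min-max-conflict.js
+++ b/test/parallel/test-tls-cli-min-max-conflict.js
@@ -0,0 +1,14 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) common.skip('missing crypto');
+
+// Check that conflicting TLS protocol versions are not allowed
+
+const assert = require('assert');
+const child_process = require('child_process');
+
+const args = ['--tls-min-v1.3', '--tls-max-v1.2', '-p', 'process.version'];
+child_process.execFile(process.argv[0], args, (err) => {
+assert(err);
+assert(/not both/.test(err.message));
+});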
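Review bot: The `execFile` callback is not wrapped in `common.mustCall()`, so if it were never invoked both assertions would be skipped and the test would still pass. Wrapping it pins that the rejection path actually ran: `child_process.execFile(process.argv[0], args, common.mustCall((err) => {`, with the closing line becoming `}));`. The test also covers only the conflicting pair. It may be worth asserting that `--tls-min-v1.3` and `--tls-max-v1.2` each still start cleanly on their own, so that an overly broad check in CheckOptions would be caught.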
