Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: support multiple ECDH curves and auto #15206

Closed
wants to merge 1 commit into from

Conversation

Projects
None yet
9 participants
@rogaps
Copy link
Contributor

commented Sep 5, 2017

Using SSL_CTX_set1_curves_list() (OpenSSL 1.0.2+), this allows to set
colon separated ECDH curve names in SecureContext's ecdhCurve option.
The option can also be set to "auto" to select the curve automatically
from list built in OpenSSL by enabling SSL_CTX_set_ecdh_auto()
(OpenSSL 1.0.2+).
Refs: #15054

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

crypto

if (!SSL_CTX_set1_curves_list(sc->ctx_, *curve))
return env->ThrowError("Failed to set ECDH curve");
#else
int nid = OBJ_sn2nid(strcmp(*curve, "auto") == 0 ? "prime256v1" : *curve);

This comment has been minimized.

Copy link
@mscdex

mscdex Sep 5, 2017

Contributor

I'm not sure we should be implicitly selecting our own hardcoded curve in this case for "auto." If the intent is to use the value of tls.DEFAULT_ECDH_CURVE, we would probably need to dynamically read that value since it could be changed by end users. However, we should probably throw an error instead when we see "auto" and the appropriate OpenSSL API is not available.

This comment has been minimized.

Copy link
@rogaps

rogaps Sep 6, 2017

Author Contributor

My intention was to use tls.DEFAULT_ECDH_CURVE's value but displaying error is perhaps better if auto is actually not supported the version of OpenSSL.

int nid = OBJ_sn2nid(*curve);
SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE);

#if (defined SSL_CTX_set1_curves_list || defined SSL_CTRL_SET_CURVES_LIST)

This comment has been minimized.

Copy link
@mscdex

mscdex Sep 5, 2017

Contributor

Minor nit: we use defined() below but not here. I think we should be consistent.

This comment has been minimized.

Copy link
@rogaps

rogaps Sep 6, 2017

Author Contributor

Sure. I will update it.

@mscdex

This comment has been minimized.

Copy link
Contributor

commented Sep 5, 2017

@rogaps rogaps force-pushed the rogaps:multiple-curves-support branch from 1e960c6 to 9636b1c Sep 6, 2017

@BridgeAR

This comment has been minimized.

Copy link
Member

commented Sep 13, 2017

// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.

This comment has been minimized.

Copy link
@jasnell

jasnell Sep 14, 2017

Member

The copyright header block should not be added to new files


const options = {
key: fs.readFileSync(`${common.fixturesDir}/keys/agent2-key.pem`),
cert: fs.readFileSync(`${common.fixturesDir}/keys/agent2-cert.pem`),

This comment has been minimized.

Copy link
@jasnell

jasnell Sep 14, 2017

Member

Please make use of the new require('common/fixtures') utility here.

conn.end(reply);
}));

server.listen(0, '127.0.0.1', common.mustCall(function() {

This comment has been minimized.

Copy link
@jasnell

jasnell Sep 14, 2017

Member

The 127.0.0.1 host can be omitted


server.listen(0, '127.0.0.1', common.mustCall(function() {
let cmd = `"${common.opensslCli}" s_client -cipher ${
options.ciphers} -connect 127.0.0.1:${this.address().port}`;

This comment has been minimized.

Copy link
@jasnell

jasnell Sep 14, 2017

Member

Not really a fan of multiline template literals and we've tried to avoid their use in the past.

// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.

This comment has been minimized.

Copy link
@jasnell

jasnell Sep 14, 2017

Member

Ditto here... the copyright header should not be included.

@jasnell
Copy link
Member

left a comment

Getting closer! Left a few comments.

@tniessen

This comment has been minimized.

Copy link
Member

commented Sep 15, 2017

Mostly LGTM, will do a review when @jasnell's comments were addressed.

@@ -923,6 +923,22 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo<Value>& args) {

node::Utf8Value curve(env->isolate(), args[0]);

SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE);

#if defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_CURVES_LIST)

This comment has been minimized.

Copy link
@bnoordhuis

bnoordhuis Sep 15, 2017

Member

I don't think you have to do this #define dance; the versions of openssl we support, support this API.

SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE);

#if defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_CURVES_LIST)
# if defined(SSL_CTX_set_ecdh_auto)

This comment has been minimized.

Copy link
@bnoordhuis

bnoordhuis Sep 15, 2017

Member

Likewise.

if (strcmp(*curve, "auto") == 0)
return;

if (!SSL_CTX_set1_curves_list(sc->ctx_, *curve))

This comment has been minimized.

Copy link
@bnoordhuis

bnoordhuis Sep 15, 2017

Member

One (possibly academic) drawback to SSL_CTX_set1_curves_list() is that it won't let you set more than ~30 curves.

I.e., options = { ecdhCurve: crypto.getCurves().join(':') } won't work because there are over 80 different curves.

This comment has been minimized.

Copy link
@rogaps

rogaps Sep 15, 2017

Author Contributor

Supported curves are listed here. Does the documentation need to mention the lists?

This comment has been minimized.

Copy link
@bnoordhuis

bnoordhuis Sep 15, 2017

Member

Yes, I think that's a good idea. I was initially going to suggest to just refer readers to the relevant RFCs but on second thought, that would work okay for Brainpool (RFC 7027) but RFC 4492 is too much of a grab bag of different algorithms.

@@ -933,10 +949,10 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo<Value>& args) {
if (ecdh == nullptr)
return env->ThrowTypeError("First argument should be a valid curve name");

SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE);

This comment has been minimized.

Copy link
@bnoordhuis

bnoordhuis Sep 15, 2017

Member

Why was this removed?

This comment has been minimized.

Copy link
@tniessen

tniessen Sep 15, 2017

Member

fwiw it was moved up

@rogaps

This comment has been minimized.

Copy link
Contributor Author

commented Sep 15, 2017

Thanks for the reviews. I will address them.

@rogaps rogaps force-pushed the rogaps:multiple-curves-support branch from 9636b1c to a266edc Sep 15, 2017

@jasnell
Copy link
Member

left a comment

LGTM if @bnoordhuis is happy also.

@tniessen

This comment has been minimized.

Copy link
Member

commented Sep 15, 2017

@bnoordhuis
Copy link
Member

left a comment

Thanks, LGTM.

@BridgeAR
Copy link
Member

left a comment

JS and doc LGTM

});

client.on('error', function(error) {
assert.ifError(error);

This comment has been minimized.

Copy link
@BridgeAR

BridgeAR Sep 15, 2017

Member

Nit: (non blocking) assert.ifError is actually meant as callback replacement. Therefore you do not have to wrap it in a function and can use it as client.on("error", assert.ifError) instead. The same in the other test.

@BridgeAR

This comment has been minimized.

Copy link
Member

commented Sep 15, 2017

I am OK with this but in general - would it not be much nicer to use an Array instead of a colon separated string? And we could also allow a Boolean where false is used instead of the string "false" for deactivation and true for "auto"?

@jasnell

This comment has been minimized.

Copy link
Member

commented Sep 15, 2017

would it not be much nicer to use an Array

Perhaps, but using the :-delimited string is consistent with openssl in general. Perhaps as a separate PR support for an Array input can be added.

@jasnell

This comment has been minimized.

Copy link
Member

commented Sep 15, 2017

This is failing significantly on FIPS...

not ok 1445 parallel/test-tls-ecdh-multiple
  ---
  duration_ms: 0.412
  severity: fail
  stack: |-
    _tls_common.js:142
        c.context.setECDHCurve(options.ecdhCurve);
                  ^
    
    Error: Failed to set ECDH curve
        at Object.createSecureContext (_tls_common.js:142:15)
        at new Server (_tls_wrap.js:805:25)
        at Object.exports.createServer (_tls_wrap.js:898:10)
        at Object.<anonymous> (/home/iojs/build/workspace/node-test-commit-linux-fips/nodes/ubuntu1404-64/test/parallel/test-tls-ecdh-multiple.js:30:20)
        at Module._compile (module.js:600:30)
        at Object.Module._extensions..js (module.js:611:10)
        at Module.load (module.js:521:32)
        at tryModuleLoad (module.js:484:12)
        at Function.Module._load (module.js:476:3)
        at Function.Module.runMain (module.js:641:10)
  ...

ping @mhdawson @gibfahn

@rogaps

This comment has been minimized.

Copy link
Contributor Author

commented Sep 15, 2017

@jasnell I overlooked FIPS mode doesn't support brainpoolP256r1.

@rogaps rogaps force-pushed the rogaps:multiple-curves-support branch from a266edc to affa214 Sep 16, 2017

@mhdawson

This comment has been minimized.

Copy link
Member

commented Sep 18, 2017

@rogaps I assume you are just going to update the tests so that they don't try to use brainpoolP256r1 when in FIPs mode. Although maybe you have already updated.

@rogaps

This comment has been minimized.

Copy link
Contributor Author

commented Sep 18, 2017

@mhdawson Sure. I will update the tests for some unsupported curves.

@jasnell

This comment has been minimized.

Copy link
Member

commented Sep 20, 2017

Landed in 873e5bd

@jasnell jasnell closed this Sep 20, 2017

jasnell added a commit that referenced this pull request Sep 20, 2017

crypto: support multiple ECDH curves and auto
Using SSL_CTX_set1_curves_list() (OpenSSL 1.0.2+), this allows to set
colon separated ECDH curve names in SecureContext's ecdhCurve option.
The option can also be set to "auto" to select the curve automatically
from list built in OpenSSL by enabling SSL_CTX_set_ecdh_auto()
(OpenSSL 1.0.2+).

PR-URL: #15206
Ref: #15054
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

jasnell added a commit that referenced this pull request Sep 20, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

jasnell added a commit that referenced this pull request Sep 21, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

Qard pushed a commit to Qard/ayo that referenced this pull request Sep 21, 2017

crypto: support multiple ECDH curves and auto
Using SSL_CTX_set1_curves_list() (OpenSSL 1.0.2+), this allows to set
colon separated ECDH curve names in SecureContext's ecdhCurve option.
The option can also be set to "auto" to select the curve automatically
from list built in OpenSSL by enabling SSL_CTX_set_ecdh_auto()
(OpenSSL 1.0.2+).

PR-URL: nodejs/node#15206
Ref: nodejs/node#15054
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

Qard pushed a commit to Qard/ayo that referenced this pull request Sep 21, 2017

crypto: support multiple ECDH curves and auto
Using SSL_CTX_set1_curves_list() (OpenSSL 1.0.2+), this allows to set
colon separated ECDH curve names in SecureContext's ecdhCurve option.
The option can also be set to "auto" to select the curve automatically
from list built in OpenSSL by enabling SSL_CTX_set_ecdh_auto()
(OpenSSL 1.0.2+).

PR-URL: nodejs/node#15206
Ref: nodejs/node#15054
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

jasnell added a commit that referenced this pull request Sep 25, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

jasnell added a commit that referenced this pull request Sep 25, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

jasnell added a commit that referenced this pull request Sep 26, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

jasnell added a commit that referenced this pull request Sep 26, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
  * Custom lookup functions are now supported. [#14560](#14560)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

jasnell added a commit that referenced this pull request Sep 26, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
  * Custom lookup functions are now supported. [#14560](#14560)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

jasnell added a commit that referenced this pull request Sep 26, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
  * Custom lookup functions are now supported. [#14560](#14560)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

jasnell added a commit that referenced this pull request Sep 26, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
  * Custom lookup functions are now supported. [#14560](#14560)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

jasnell added a commit that referenced this pull request Sep 26, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
  * Custom lookup functions are now supported. [#14560](#14560)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

MylesBorins added a commit that referenced this pull request Sep 29, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](#7855)
  * Custom lookup functions are now supported. [#14560](#14560)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](#15354)

addaleax added a commit to addaleax/ayo that referenced this pull request Sep 30, 2017

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [#15206](nodejs/node#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [#7855](nodejs/node#7855)
  * Custom lookup functions are now supported. [#14560](nodejs/node#14560)
* **n-api**
  * The command-line flag is no longer required to use N-API. [#14902](nodejs/node#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [#14245](nodejs/node#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [#15354](nodejs/node#15354)

@Hativ Hativ referenced this pull request Nov 7, 2017

Closed

tls: set ecdhCurve default to 'auto' #16853

4 of 4 tasks complete

tniessen added a commit that referenced this pull request Nov 28, 2017

tls: set ecdhCurve default to 'auto'
For best out-of-the-box compatibility there should not be one default
`ecdhCurve` for the tls client, OpenSSL should choose them
automatically.

See https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)

PR-URL: #16853
Refs: #16196
Refs: #1495
Refs: #15206
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

@rogaps rogaps deleted the rogaps:multiple-curves-support branch Dec 23, 2017

@MylesBorins MylesBorins referenced this pull request Jan 15, 2018

Closed

Semver Minor Tracking #298

@gibfahn

This comment has been minimized.

Copy link
Member

commented Jan 19, 2018

@nodejs/lts

Post-mortem on this, it contained an accidental breaking change (which brought the code in line with the docs), changing the default curve setting from prime256v1 to auto. I think reverting at this point would do more harm than good, but it is causing problems for users. The change in default will be reverted in 10.x (as a semver-major).

One thing that would help would be @sam-github 's suggestion in #16853 (comment), which is adding aNODE_OPTIONS option that allows users to change the default back to auto without needing to change dependency code.

Quite a few people have hit this, so IMO we should prioritize getting this fixed and backported to 8.x and 6.x.

msoechting added a commit to hpicgs/node that referenced this pull request Feb 5, 2018

tls: set ecdhCurve default to 'auto'
For best out-of-the-box compatibility there should not be one default
`ecdhCurve` for the tls client, OpenSSL should choose them
automatically.

See https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)

PR-URL: nodejs#16853
Refs: nodejs#16196
Refs: nodejs#1495
Refs: nodejs#15206
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

msoechting added a commit to hpicgs/node that referenced this pull request Feb 7, 2018

tls: set ecdhCurve default to 'auto'
For best out-of-the-box compatibility there should not be one default
`ecdhCurve` for the tls client, OpenSSL should choose them
automatically.

See https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)

PR-URL: nodejs#16853
Refs: nodejs#16196
Refs: nodejs#1495
Refs: nodejs#15206
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

gabrielschulhof added a commit to gabrielschulhof/node that referenced this pull request Mar 15, 2018

2017-09-26, Node.js Version 8.6.0 (Current)
* **crypto**
  * Support for multiple ECDH curves. [nodejs#15206](nodejs#15206)
* **dgram**
  * Added `setMulticastInterface()` API. [nodejs#7855](nodejs#7855)
  * Custom lookup functions are now supported. [nodejs#14560](nodejs#14560)
* **n-api**
  * The command-line flag is no longer required to use N-API. [nodejs#14902](nodejs#14902)
* **tls**
  * Docs-only deprecation of `parseCertString()`. [nodejs#14245](nodejs#14245)
* **New Contributors**
  * Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator! [nodejs#15354](nodejs#15354)

This applies parts of 05e4c1d thar are
relevant to N-API.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.