Skip to content

Commit

Permalink
Merge pull request #1130 from mayank3012jain/feat/allow_disabling_tls…
Browse files Browse the repository at this point in the history 
…v1_3

Added option to allow disabling TLS v1.3
  • Loading branch information
@codenirvana
codenirvana committed Mar 15, 2021
2 parents a9f6b52 + dc82ef6 commit 97ec852
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 19 deletions.
4 changes: 3 additions & 1 deletion CHANGELOG.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
master:
new features:
- GH-1128 Added new requester option to add user defined system headers
- GH-1130 Added support to disable TLSv1.3 in tlsDisabledProtocols protocol profile behavior
- GH-1128 Added `systemHeaders` requester option to add default system headers

7.26.10:
date: 2021-01-03
chores:
Expand Down
9 changes: 8 additions & 1 deletion lib/requester/core.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -454,7 +454,14 @@ module.exports = {
// the SSL and TLS protocol versions to disabled during negotiation
if (Array.isArray(protocolProfileBehavior.tlsDisabledProtocols)) {
protocolProfileBehavior.tlsDisabledProtocols.forEach(function (protocol) {
options.secureOptions |= constants[SSL_OP_NO + protocol];
// since secure options doesn't support TLSv1.3 before Node 14
// @todo remove the if condition when we drop support for Node 12
if (protocol === 'TLSv1_3' && !constants[SSL_OP_NO + protocol]) {
options.maxVersion = 'TLSv1.2';
}
else {
options.secureOptions |= constants[SSL_OP_NO + protocol];
}
});
}

Expand Down
3 changes: 3 additions & 0 deletions test/integration/bootstrap.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ var _ = require('lodash'),

runtime;

// by default Node 12 throws error on using anything below TLSv1.2
require('tls').DEFAULT_MIN_VERSION = 'TLSv1';

runtime = function (spec, done) {
// restores all spies created through sandbox in the previous run
// @todo avoid restore on the first run
Expand Down
39 changes: 22 additions & 17 deletions test/integration/protocol-profile-behavior/tlsProtocols.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ var fs = require('fs'),
});

describe('tlsDisabledProtocols', function () {
(TLSv1_3_SUPPORTED ? describe.skip : describe)('TLSv1 server', function () {
describe('TLSv1 server', function () {
describe('default', function () {
before(function (done) {
this.run({
Expand Down Expand Up @@ -133,7 +133,7 @@ var fs = require('fs'),
});
});

describe('with TLSv1_1, TLSv1_2 disabled', function () {
describe('with TLSv1_1, TLSv1_2, TLSv1_3 disabled', function () {
before(function (done) {
this.run({
fileResolver: fs,
Expand All @@ -151,7 +151,7 @@ var fs = require('fs'),
}]
},
protocolProfileBehavior: {
tlsDisabledProtocols: ['TLSv1_1', 'TLSv1_2']
tlsDisabledProtocols: ['TLSv1_1', 'TLSv1_2', 'TLSv1_3']
}
}]
}
Expand Down Expand Up @@ -232,7 +232,7 @@ var fs = require('fs'),
});
});

(TLSv1_3_SUPPORTED ? describe.skip : describe)('TLSv1_1 server', function () {
describe('TLSv1_1 server', function () {
describe('default TLSv1.1 server', function () {
before(function (done) {
this.run({
Expand Down Expand Up @@ -285,7 +285,7 @@ var fs = require('fs'),
});
});

describe('with TLSv1, TLSv1_2 disabled', function () {
describe('with TLSv1, TLSv1_2, TLSv1_3 disabled', function () {
before(function (done) {
this.run({
fileResolver: fs,
Expand All @@ -303,7 +303,7 @@ var fs = require('fs'),
}]
},
protocolProfileBehavior: {
tlsDisabledProtocols: ['TLSv1', 'TLSv1_2']
tlsDisabledProtocols: ['TLSv1', 'TLSv1_2', 'TLSv1_3']
}
}]
}
Expand Down Expand Up @@ -435,7 +435,7 @@ var fs = require('fs'),
});
});

describe('with TLSv1, TLSv1_1 disabled', function () {
describe('with TLSv1, TLSv1_1, TLSv1_3 disabled', function () {
before(function (done) {
this.run({
fileResolver: fs,
Expand All @@ -453,7 +453,7 @@ var fs = require('fs'),
}]
},
protocolProfileBehavior: {
tlsDisabledProtocols: ['TLSv1', 'TLSv1_1']
tlsDisabledProtocols: ['TLSv1', 'TLSv1_1', 'TLSv1_3']
}
}]
}
Expand Down Expand Up @@ -587,7 +587,7 @@ var fs = require('fs'),
});
});

describe('TLSv1.3 with TLSv1_1, TLSv1_2 disabled', function () {
describe('TLSv1.3 with TLSv1, TLSv1_1, TLSv1_2 disabled', function () {
before(function (done) {
this.run({
fileResolver: fs,
Expand All @@ -605,7 +605,7 @@ var fs = require('fs'),
}]
},
protocolProfileBehavior: {
tlsDisabledProtocols: ['TLSv1_1', 'TLSv1_2']
tlsDisabledProtocols: ['TLSv1', 'TLSv1_1', 'TLSv1_2']
}
}]
}
Expand Down Expand Up @@ -642,8 +642,7 @@ var fs = require('fs'),
});
});

// @todo: Add support for TLS 1.3
describe.skip('with TLSv1.3 disabled', function () {
describe('with TLSv1.3 disabled', function () {
before(function (done) {
this.run({
fileResolver: fs,
Expand Down Expand Up @@ -687,12 +686,14 @@ var fs = require('fs'),
});
});

(TLSv1_3_SUPPORTED ? describe.skip : describe)('TLSv1 & TLSv1_1 server', function () {
describe('TLSv1 & TLSv1_1 server', function () {
var sslServer;

before(function (done) {
sslServer = server.createSSLServer({
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1_2 // Disable SSLv3 and TLSv1_2
maxVersion: 'TLSv1.1',
minVersion: 'TLSv1',
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1_2
});
sslServer.on('/', requestHandler);
sslServer.listen(0, done);
Expand Down Expand Up @@ -770,7 +771,7 @@ var fs = require('fs'),
}]
},
protocolProfileBehavior: {
tlsDisabledProtocols: ['SSLv2', 'SSLv3', 'TLSv1_1', 'TLSv1_2']
tlsDisabledProtocols: ['SSLv2', 'SSLv3', 'TLSv1_1', 'TLSv1_2', 'TLSv1_3']
}
}]
}
Expand Down Expand Up @@ -827,7 +828,7 @@ var fs = require('fs'),
}]
},
protocolProfileBehavior: {
tlsDisabledProtocols: ['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1_2']
tlsDisabledProtocols: ['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1_2', 'TLSv1_3']
}
}]
}
Expand Down Expand Up @@ -884,7 +885,7 @@ var fs = require('fs'),
}]
},
protocolProfileBehavior: {
tlsDisabledProtocols: ['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1_1']
tlsDisabledProtocols: ['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1_1', 'TLSv1_3']
}
}]
}
Expand Down Expand Up @@ -919,6 +920,10 @@ var fs = require('fs'),
sslServer.listen(0, done);
});

after(function (done) {
sslServer.destroy(done);
});

describe('default', function () {
before(function (done) {
this.run({
Expand Down

0 comments on commit 97ec852

Please sign in to comment.