-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v10.x backport] tls: add min/max protocol version options #24979
[v10.x backport] tls: add min/max protocol version options #24979
Conversation
ci: https://ci.nodejs.org/job/node-test-pull-request/19455/ @nodejs/lts @nodejs/crypto |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👌 sweet, I don't recall the rules but I think it needs to be live in 11.x for a release or two before going in. Also tagged as semver-minor which may conflict with plans for 10.x, but this really needs to happen because we're running out of time on 1.1.1.
Our next semver minor isn't planned until march... should we do it earlier? |
no hurry, it's a pre-req for openssl-1.1.1, but can land in the same semver-minor as the openssl update |
17f4208
to
d04c3c2
Compare
4d4c651
to
0b06887
Compare
c1ee936
to
c6cffad
Compare
2d6e145
to
7840f71
Compare
13f9356
to
5711238
Compare
0b06887
to
d06c259
Compare
Fill in correct pr-url: value in the YAML changelog that was missing from f512f5e. The stanza was also sorted in the wrong order, most recent is supposed to be in the beginning of the changes, not the end. PR-URL: nodejs#24759 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
The existing secureProtocol option only allows setting the allowed protocol to a specific version, or setting it to "all supported versions". It also used obscure strings based on OpenSSL C API functions. Directly setting the min or max is easier to use and explain. Backport-PR-URL: nodejs#24676 PR-URL: nodejs#24405 Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
d06c259
to
a8a0889
Compare
Closed in favour of #26270 |
Backport of a backport... prep work for openssl 1.1.1 to land on v10.x
The existing secureProtocol option only allows setting the allowed
protocol to a specific version, or setting it to "all supported
versions". It also used obscure strings based on OpenSSL C API
functions. Directly setting the min or max is easier to use and explain.
Backport-PR-URL: #24676
PR-URL: #24405
Reviewed-By: Refael Ackermann [email protected]
Reviewed-By: Rod Vagg [email protected]
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes