
Commit c147e81

crypto: add honorCipherOrder argument
Add `honorCipherOrder` argument to `crypto.createCredentials`. fix nodejs#7249
1 parent e50749b commit c147e81

3 files changed

Lines changed: 16 additions & 7 deletions


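--- a/doc/api/tls.markdown
+++ b/doc/api/tls.markdown
@@ -436,6 +436,9 @@ dictionary with keys:
 Consult
 <http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT>
 for details on the format.
+* `honorCipherOrder` : When choosing a cipher, use the server's preferences
+instead of the client preferences. For further details see `tls` module
+documentation.
 
 If no 'ca' details are given, then node.js will use the default
 publicly trusted list of CAs as given in
@@ -608,7 +611,8 @@ more information.
 
 Add secure context that will be used if client request's SNI hostname is
 matching passed `hostname` (wildcards can be used). `context` can contain
-`key`, `cert` and `ca`.
+`key`, `cert`, `ca` and/or any other properties from `tls.createSecureContext`
+`options` argument.
 
 ### server.maxConnections
 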
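--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -20,6 +20,7 @@
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 var util = require('util');
+var constants = require('constants');
 var tls = require('tls');
 
 // Lazily loaded
@@ -54,9 +55,11 @@ exports.SecureContext = SecureContext;
 exports.createSecureContext = function createSecureContext(options, context) {
 if (!options) options = {};
 
-var c = new SecureContext(options.secureProtocol,
-options.secureOptions,
-context);
+var secureOptions = options.secureOptions;
+if (options.honorCipherOrder)
+secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
+
+var c = new SecureContext(options.secureProtocol, secureOptions, context);
 
 if (context) return c;
 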
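Review bot: The new `secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE` in `createSecureContext` carries no comment on its scope, and this function appears to build contexts for clients as well as servers. OpenSSL applies that option only when acting as the server, so a caller who sets `honorCipherOrder` on a client context gets no error and no effect; I would add `// Server-side only: OpenSSL ignores this option on client contexts.` above the `if`. The `|=` also coerces a missing or non-numeric `options.secureOptions` to an integer before it reaches `SecureContext`, which may hide a bad value that was previously passed through unchanged; this is worth confirming against the constructor, which is outside this hunk. None of the three changed files is a test, so a case covering an SNI context created with `honorCipherOrder` would be a useful addition.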

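--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -602,6 +602,7 @@ function Server(/* [options], listener */) {
 ecdhCurve: self.ecdhCurve,
 secureProtocol: self.secureProtocol,
 secureOptions: self.secureOptions,
+honorCipherOrder: self.honorCipherOrder,
 crl: self.crl,
 sessionIdContext: self.sessionIdContext
 });
@@ -720,9 +721,10 @@ Server.prototype.setOptions = function(options) {
 if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout;
 if (options.ticketKeys) this.ticketKeys = options.ticketKeys;
 var secureOptions = options.secureOptions || 0;
-if (options.honorCipherOrder) {
-secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
-}
+if (options.honorCipherOrder)
+this.honorCipherOrder = true;
+else
+this.honorCipherOrder = false;
 if (secureOptions) this.secureOptions = secureOptions;
 if (options.NPNProtocols) tls.convertNPNProtocols(options.NPNProtocols, this);
 if (options.sessionIdContext) {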
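Review bot: In the second hunk, `setOptions` now overwrites `this.honorCipherOrder` on every call, unlike the neighbouring options (`sessionTimeout`, `ticketKeys`, `secureOptions`), which are assigned only when present. If `setOptions` is ever invoked again with a partial options object, server cipher preference is silently switched off, whereas the old code left the flag in the stored `secureOptions`; that weakens cipher negotiation without any signal. Consider `if (options.honorCipherOrder !== undefined) this.honorCipherOrder = !!options.honorCipherOrder;`, which also replaces the four-line if/else. The flag is also no longer reflected in `this.secureOptions`, so anything that reads that bitmask to check for server preference should be reviewed; `setOptions` begins and ends outside the hunk.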
