Fix default ecdh curve for better compatibility#2159
Conversation
|
The bug this change fixes manifests as previews failing to load for a small set of websites when The Lounge is run with certain NodeJS versions. TLS cipher negotiation fails because Node's default is not properly set (nodejs/node#16196). One workaround is to downgrade Node to a version from before the change (v8.5.0). This code change (to auto-negotiate the TLS cipher by default) is the other known workaround, which fixes the issue when running The Lounge under Node v8.6+ and v9. Node v10 will fix this at the source (nodejs/node#16853), but this will still be needed to support LTS versions until at least December 31, 2019 (when Node v8 support is planned to end). |
dgw
left a comment
There was a problem hiding this comment.
As the reporter of this issue, and the one who tracked down the referenced NodeJS ticket, I have tested this change and found it to fix the problem I encountered with loading previews on certain domains. 👍
AlMcKinlay
left a comment
There was a problem hiding this comment.
Oh goodness that's so dumb.
astorije
left a comment
There was a problem hiding this comment.
Oh boy.
Does this affect all versions of v6 and v8? If not, what are the v6/8 versions that are fixing this?
I don't think we have to support this forever or until v10 is the minimal version we support. Supporting LTS versions doesn't mean we have to support all of v6 and all of v8. It's pretty common to see packages that support v6 while specifying >=6.9.0 for example.
In fact, looking at https://nodejs.org/en/download/releases/, it seems that only >=6.9.0 and >= 8.9.0 are LTS versions...
nodejs/node#16196
nodejs/node#16853
This isn't exactly a problem with The Lounge, but as we support LTS versions, we increase compatibility by including a fix for these Node versions.