This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
tls: disable RC4, add --cipher-list command line switch #14413
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Disable RC4 in the default cipher list Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST` environment variable to completely override the default cipher list. Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` environment variable to selectively enable the default cipher list from previous node.js releases.
|
I had reviewed the 0.10.X version of the patch with James and we have run it through our internal builds. FV passed without any regressions, we are starting SVT now. lgtm |
|
Ok. So far the only nit appears to be making the PrintHelp output less On Mon, Apr 6, 2015 at 8:55 AM, Michael Dawson notifications@github.com
|
Per feedback on the commit, make the PrintHelp for --enable-legacy-cipher-list less verbose.
| @@ -2652,6 +2657,21 @@ static void ParseArgs(int argc, char **argv) { | |||
| } else if (strcmp(arg, "--throw-deprecation") == 0) { | |||
| argv[i] = const_cast<char*>(""); | |||
| throw_deprecation = true; | |||
| } else if (strncmp(arg, "--cipher-list=", 14) == 0) { | |||
There was a problem hiding this comment.
I'm wondering if we need to support a --cipher-list command line option in v0.10.x. Adding support for --enable-legacy-cipher-list already breaks the contract of not adding additional API in patch releases, and it seems sufficient to handle the use case of users not wanting to use the new default ciphers list.
There was a problem hiding this comment.
Adding --cipher-list here is intended to make it so we don't have to make this kind of change in v0.10.x and v0.12.x again. If another one of the ciphers comes into question, we can tell users to simply pass in the new cipher list rather than going in and changing it.
jasnell
added a commit
that referenced
this pull request
Apr 8, 2015
Disable RC4 in the default cipher list Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST` environment variable to completely override the default cipher list. Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` environment variable to selectively enable the default cipher list from previous node.js releases. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #14413
jasnell
added a commit
that referenced
this pull request
Apr 8, 2015
Per feedback on the commit, make the PrintHelp for --enable-legacy-cipher-list less verbose. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #14413
jasnell
added a commit
that referenced
this pull request
Apr 8, 2015
Disable RC4 in the default cipher list Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST` environment variable to completely override the default cipher list. Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` environment variable to selectively enable the default cipher list from previous node.js releases. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #14413
jasnell
added a commit
that referenced
this pull request
Apr 8, 2015
Per feedback on the commit, make the PrintHelp for --enable-legacy-cipher-list less verbose. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #14413
|
Landed in #67d9a56 and #02a549e |
misterdjules
pushed a commit
to misterdjules/node
that referenced
this pull request
Apr 9, 2015
This change fixes the problem where the cipher list that was setup for a given test was never passed to the client, triggering some false positives with the recent changes made to the ciphers list used by default (see nodejs#14413).
misterdjules
pushed a commit
to misterdjules/node
that referenced
this pull request
Jun 30, 2015
Disable RC4 in the default cipher list Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST` environment variable to completely override the default cipher list. Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` environment variable to selectively enable the default cipher list from previous node.js releases. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
misterdjules
pushed a commit
to misterdjules/node
that referenced
this pull request
Jun 30, 2015
Per feedback on the commit, make the PrintHelp for --enable-legacy-cipher-list less verbose. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
misterdjules
pushed a commit
to misterdjules/node
that referenced
this pull request
Jun 30, 2015
Disable RC4 in the default cipher list Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST` environment variable to completely override the default cipher list. Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` environment variable to selectively enable the default cipher list from previous node.js releases. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
misterdjules
pushed a commit
to misterdjules/node
that referenced
this pull request
Jun 30, 2015
Per feedback on the commit, make the PrintHelp for --enable-legacy-cipher-list less verbose. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
misterdjules
pushed a commit
to misterdjules/node
that referenced
this pull request
Jul 16, 2015
Disable RC4 in the default cipher list Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST` environment variable to completely override the default cipher list. Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` environment variable to selectively enable the default cipher list from previous node.js releases. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
misterdjules
pushed a commit
to misterdjules/node
that referenced
this pull request
Jul 16, 2015
Per feedback on the commit, make the PrintHelp for --enable-legacy-cipher-list less verbose. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
jBarz
pushed a commit
to ibmruntimes/node
that referenced
this pull request
Nov 4, 2016
Disable RC4 in the default cipher list Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST` environment variable to completely override the default cipher list. Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` environment variable to selectively enable the default cipher list from previous node.js releases. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
jBarz
pushed a commit
to ibmruntimes/node
that referenced
this pull request
Nov 4, 2016
Per feedback on the commit, make the PrintHelp for --enable-legacy-cipher-list less verbose. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
jBarz
pushed a commit
to ibmruntimes/node
that referenced
this pull request
Nov 7, 2016
Disable RC4 in the default cipher list Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST` environment variable to completely override the default cipher list. Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` environment variable to selectively enable the default cipher list from previous node.js releases. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
jBarz
pushed a commit
to ibmruntimes/node
that referenced
this pull request
Nov 7, 2016
Per feedback on the commit, make the PrintHelp for --enable-legacy-cipher-list less verbose. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs#14413
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Disable RC4 in the default cipher list
Add the
--cipher-listcommand line switch andNODE_CIPHER_LISTenvironment variable to completely override the default cipher list.
Add the
--enable-legacy-cipher-listandNODE_LEGACY_CIPHER_LISTenvironment variable to selectively enable the default cipher list from
previous node.js releases.
(Targets v0.10.38-release)