crypto: remove obsolete SSL_OP_* constants

None of these constants have any effect in recent OpenSSL versions, not
even in Node.js release lines that still use OpenSSL 1.1.1.

It is likely rare that these options are still used (intentionally), and
removing them is unlikely to break any existing applications. These
constants can only be passed to the secureOptions option of
tls.createSecureContext() and related APIs, and a value of undefined
will be ignored. Similarly, if a bitwise combination of multiple options
is used, undefined constants will not change the behavior because
(a | undefined | b) === (a | b) for (small) integers a and b.

Refs: #46954
Refs: #47066
PR-URL: #47073
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>

src/node_constants.cc

@@ -844,42 +844,10 @@ void DefineCryptoConstants(Local<Object> target) {
     NODE_DEFINE_CONSTANT(target, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 #endif
 
-#ifdef SSL_OP_EPHEMERAL_RSA
-    NODE_DEFINE_CONSTANT(target, SSL_OP_EPHEMERAL_RSA);
-#endif
-
 #ifdef SSL_OP_LEGACY_SERVER_CONNECT
     NODE_DEFINE_CONSTANT(target, SSL_OP_LEGACY_SERVER_CONNECT);
 #endif
 
-#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-    NODE_DEFINE_CONSTANT(target, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
-#endif
-
-#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_MICROSOFT_SESS_ID_BUG);
-#endif
-
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
-    NODE_DEFINE_CONSTANT(target, SSL_OP_MSIE_SSLV2_RSA_PADDING);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_CA_DN_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CA_DN_BUG);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_CHALLENGE_BUG);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-#endif
-
-#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
-#endif
-
 #ifdef SSL_OP_NO_COMPRESSION
     NODE_DEFINE_CONSTANT(target, SSL_OP_NO_COMPRESSION);
 #endif
@@ -928,42 +896,10 @@ void DefineCryptoConstants(Local<Object> target) {
     NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_3);
 #endif
 
-#ifdef SSL_OP_PKCS1_CHECK_1
-    NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
-#endif
-
-#ifdef SSL_OP_PKCS1_CHECK_2
-    NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
-#endif
-
 #ifdef SSL_OP_PRIORITIZE_CHACHA
     NODE_DEFINE_CONSTANT(target, SSL_OP_PRIORITIZE_CHACHA);
 #endif
 
-#ifdef SSL_OP_SINGLE_DH_USE
-    NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
-#endif
-
-#ifdef SSL_OP_SINGLE_ECDH_USE
-    NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_ECDH_USE);
-#endif
-
-#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
-#endif
-
-#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
-#endif
-
-#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_BLOCK_PADDING_BUG);
-#endif
-
-#ifdef SSL_OP_TLS_D5_BUG
-    NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_D5_BUG);
-#endif
-
 #ifdef SSL_OP_TLS_ROLLBACK_BUG
     NODE_DEFINE_CONSTANT(target, SSL_OP_TLS_ROLLBACK_BUG);
 #endif

typings/internalBinding/constants.d.ts

@@ -197,15 +197,7 @@ declare function InternalBinding(binding: 'constants'): {
     SSL_OP_COOKIE_EXCHANGE: 8192;
     SSL_OP_CRYPTOPRO_TLSEXT_BUG: 2147483648;
     SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: 2048;
-    SSL_OP_EPHEMERAL_RSA: 0;
     SSL_OP_LEGACY_SERVER_CONNECT: 4;
-    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: 0;
-    SSL_OP_MICROSOFT_SESS_ID_BUG: 0;
-    SSL_OP_MSIE_SSLV2_RSA_PADDING: 0;
-    SSL_OP_NETSCAPE_CA_DN_BUG: 0;
-    SSL_OP_NETSCAPE_CHALLENGE_BUG: 0;
-    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: 0;
-    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: 0;
     SSL_OP_NO_COMPRESSION: 131072;
     SSL_OP_NO_ENCRYPT_THEN_MAC: 524288;
     SSL_OP_NO_QUERY_MTU: 4096;
@@ -218,15 +210,7 @@ declare function InternalBinding(binding: 'constants'): {
     SSL_OP_NO_TLSv1_1: 268435456;
     SSL_OP_NO_TLSv1_2: 134217728;
     SSL_OP_NO_TLSv1_3: 536870912;
-    SSL_OP_PKCS1_CHECK_1: 0;
-    SSL_OP_PKCS1_CHECK_2: 0;
     SSL_OP_PRIORITIZE_CHACHA: 2097152;
-    SSL_OP_SINGLE_DH_USE: 0;
-    SSL_OP_SINGLE_ECDH_USE: 0;
-    SSL_OP_SSLEAY_080_CLIENT_DH_BUG: 0;
-    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: 0;
-    SSL_OP_TLS_BLOCK_PADDING_BUG: 0;
-    SSL_OP_TLS_D5_BUG: 0;
     SSL_OP_TLS_ROLLBACK_BUG: 8388608;
     ENGINE_METHOD_RSA: 1;
     ENGINE_METHOD_DSA: 2;