Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add missing secureProtocol values, and some docs on protocol selection #24386

Closed
wants to merge 2 commits into from

Conversation

sam-github
Copy link
Contributor

@sam-github sam-github commented Nov 15, 2018

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • documentation is changed or added
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Nov 15, 2018
doc/api/cli.md Outdated
clients or servers.
Enable TLSv1.0 and TLSv1.1 by default, in addition to TLSv1.2. This should only
be used for compatibility with old TLS clients or servers. See
[secureProtocol][] for more information.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this?:

Enable TLSv1.0 and TLSv1.1 by default. Use only
for compatibility with old TLS clients or servers. See
[secureProtocol][] for more information.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You removed the "in addition to TLSv1.2". Why? I guess one could argue that saying TLSv1.0 and 1.1 are enabled by default doesn't necessarily mean that ONLY TLS 1.0 and 1.1 are enabled by default, but I don't like to leave people wondering. Lets tell them exactly what will be enabled.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm happy to s/This should only be used/Use for/.

doc/api/cli.md Outdated Show resolved Hide resolved
doc/api/tls.md Outdated Show resolved Hide resolved
doc/node.1 Outdated Show resolved Hide resolved
doc/node.1 Outdated Show resolved Hide resolved
@sam-github sam-github force-pushed the more-secure-protocols branch from af40ac7 to 818c1eb Compare November 16, 2018 17:42
@vsemozhetbyt

This comment has been minimized.

@sam-github sam-github force-pushed the more-secure-protocols branch from 818c1eb to 25acf88 Compare November 16, 2018 17:43
@sam-github
Copy link
Contributor Author

doc/api/tls.md Outdated Show resolved Hide resolved
Copy link
Contributor

@vsemozhetbyt vsemozhetbyt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs LGTM.

Add the two TLS protocol method functions which were missing. They seem
useful, and are already documented as being supported (indirectly, our
docs just point to OpenSSL's docs).
Cross-reference the secureProtocol docs and the CLI docs for --tls-v1.0
and --tls-v1.1 and describe relationship. Make clear that --tls-v1.0
enables TLSv1.0 and TLSv1.1.
@sam-github sam-github force-pushed the more-secure-protocols branch from 25acf88 to 1032db1 Compare November 16, 2018 19:25
@sam-github
Copy link
Contributor Author

@Trott
Copy link
Member

Trott commented Nov 18, 2018

@nodejs/crypto @nodejs/documentation

Copy link
Contributor

@ryzokuken ryzokuken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@sam-github
Copy link
Contributor Author

Landed in eb42c1e...4327326

@sam-github sam-github closed this Nov 19, 2018
@sam-github sam-github deleted the more-secure-protocols branch November 19, 2018 19:21
sam-github added a commit that referenced this pull request Nov 19, 2018
Add the two TLS protocol method functions which were missing. They seem
useful, and are already documented as being supported (indirectly, our
docs just point to OpenSSL's docs).

PR-URL: #24386
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
sam-github added a commit that referenced this pull request Nov 19, 2018
Cross-reference the secureProtocol docs and the CLI docs for --tls-v1.0
and --tls-v1.1 and describe relationship. Make clear that --tls-v1.0
enables TLSv1.0 and TLSv1.1.

PR-URL: #24386
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
@targos
Copy link
Member

targos commented Nov 19, 2018

Should this be backported to v11.x-staging? If yes please follow the guide and raise a backport PR, if not let me know or add the dont-land-on label.

@sam-github
Copy link
Contributor Author

@targos depends on #23814, which is semver-major, so cannot (I assume) get backported to 11.x.

refack pushed a commit to refack/node that referenced this pull request Jan 14, 2019
Add the two TLS protocol method functions which were missing. They seem
useful, and are already documented as being supported (indirectly, our
docs just point to OpenSSL's docs).

PR-URL: nodejs#24386
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
refack pushed a commit to refack/node that referenced this pull request Jan 14, 2019
Cross-reference the secureProtocol docs and the CLI docs for --tls-v1.0
and --tls-v1.1 and describe relationship. Make clear that --tls-v1.0
enables TLSv1.0 and TLSv1.1.

PR-URL: nodejs#24386
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants