tls: fix default ciphers not used consistently #23947
Conversation
|
/cc @joyent/node-coreteam @jasnell This overlaps with setting |
| if (options.ciphers) c.context.setCiphers(options.ciphers); | ||
| if (options.ciphers) { | ||
| c.context.setCiphers(options.ciphers); | ||
| } else { |
There was a problem hiding this comment.
There is an extra space between } and else.
There was a problem hiding this comment.
@cjihrig Good catch, thank you! Updated :)
misterdjules
force-pushed
the
fix-no-default-cipher-if-ciphers-null-or-undefined
branch
from
02dc4e9
to
6f24649
Compare
|
Ok, after looking this over, I would recommend changing it slightly then documenting the change in behavior in the API docs. Specifically: var tls = require('tls'); // this is new.. see below
if (options.ciphers) {
c.context.setCiphers(options.ciphers);
} else (!tls.usingV1038Ciphers() || options.ciphers !== undefined) {
c.context.setCiphers(binding.DEFAULT_CIPHER_LIST);
}Basically: options.ciphers is falsy but defined, then the default cipher list is used, otherwise, do not set it. If options.ciphers is undefined because it was not explicitly passed, then fall back to the original default behavior of the default cipher list not being used. I am adding a method ( |
|
Wouldn't make |
Passing null or undefined for the ciphers value of the options parameter of tls.connect and https.get/request makes node *not* use the default ciphers list. This problem had been fixed in node v0.12 with commit 5d2aef1, but for some reason the fix hasn't been backported to v0.10. This change also comes with a test that makes sure that tls/https clients that don't specify a ciphers suite (or a null or undefined one) cannot connect to a server that specifies only RC4-MD5 as the available ciphers suite. This test relies on the fact that RC4-MD5 is not available in the default ciphers suite, which is the case currently in the v0.10 branch.
Backport 408bffe from v0.12. Now that the default ciphers list is used client side even when options.ciphers is not set or set to undefined/null, and that the default ciphers list does not contain RC4 anymore, update the ssl/tls options matrix tests suite to check that a connection that uses RC4 needs both sides of the connection specifying RC4 in their allowed ciphers. Original commit message: test: fix ssl/tls options matrix test The tests suite available in test/external/ssl-options was originally written for security fixes made in the v0.10 branch. In this branch, the client's default ciphers list is compatible with SSLv2. After merging this change from v0.10 to v0.12, this tests suite was broken because commits 5d2aef1 and f4c8020 make SSL/TLS clients use a default ciphers list that is not compatible with the SSLv2 protocol. This change fixes two issues: 1) The cipher list that was setup for a given test was not passed properly to the client. 2) When either or both of clients/servers were using SSLv2, tests were expected to succeed when at least the server end was using SSLv2 compatible ciphers. Now, tests are expected to succeed only if SSLv2 compatible ciphers are used on both ends. Fixes nodejs#9020.
misterdjules
force-pushed
the
fix-no-default-cipher-if-ciphers-null-or-undefined
branch
from
46b7a15
to
6de65e2
Compare
|
@jasnell Added a second commit to this PR: misterdjules@6de65e2 to make sure that the tests suite in I think it would be useful to add |
|
Finally able to get back to this.. and yes, when using Thinking about it further, perhaps we actually need to flip this around. Make it so that if |
My understanding is that the point of the recent changes in default ciphers list is to prevent clients to use unsafe ciphers when they didn't mean to. In v0.12, specifying Thus, if we think the semantics of the
If I understand correctly, we're already introducing a breaking change that will affect more users: when no |
|
@misterdjules Ok, so passing |
|
@jasnell I think our guiding principle here should be "What is safer for the users, while allowing them the same flexibility as in previous v0.10.x versions and providing them with a smooth upgrade path?". From this perspective I would say that I don't know yet how that would translate in code, and my original concern with these changes was that it would be somehow messy to implement properly, and error prone. But if we can have a reasonably clean implementation that we can test thoroughly, then I would think that's what we want to aim for. |
|
Ok. Sounds good. I'll code that up this afternoon.
|
|
After some discussions with @jasnell, it seems that there are two different ways to look at this:
Note that the only API documentation entry where the @joyent/node-coreteam Thoughts? |
|
@misterdjules @mhdawson ... are we settled on this one? |
|
Moving to milestone v0.10.40, as v0.10.39 was released today. |
|
Closing in favor of #25603. |
Passing
nullorundefinedfor theciphersvalue of theoptionsparameter of
tls.connectandhttps.get/requestmakes node not use thedefault ciphers list.
This problem had been fixed in node v0.12 with commit
5d2aef1, but for some reason the fix
hasn't been backported to v0.10.
This change also comes with a test that makes sure that tls/https
clients that don't specify a ciphers suite (or a null or undefined one)
cannot connect to a server that specifies only RC4-MD5 as the available
ciphers suite.
This test relies on the fact that RC4-MD5 is not
available in the default ciphers suite, which is the case currently in
the v0.10 branch.