-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: add --tls-min-v1.2 CLI switch #27520
Conversation
/to @nodejs/crypto @nodejs/lts |
@@ -586,6 +586,15 @@ added: v12.0.0 | |||
Set default [`tls.DEFAULT_MIN_VERSION`][] to 'TLSv1.1'. Use for compatibility | |||
with old TLS clients or servers. | |||
|
|||
### `--tls-min-v1.2` | |||
<!-- YAML | |||
added: REPLACEME |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will the REPLACEME
value be the wrong version given that this has already landed in earlier versions? Should we put the actual 11.x
version here now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
REPLACEME values are only accurate on the release branch they land in (last time I checked).
assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.2'); | ||
|
||
// Check the min-max version protocol versions against these CLI settings. | ||
require('./test-tls-min-max-version.js'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As with the other PR, totally not blocking, but using require()
to load another test file does give me pause...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that it is the same pattern as the other 4 or 5 tests of TLS CLI options.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with @Trott that this does not seem ideal. I would move the test-tls-min-max-version.js
file into the fixtures folder and require that instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can see the argument for it not being a fixture. It's test code, not a fixture loaded by a test. And so we want it linted and so on....
Maybe there's some way to abstract it into common
? That's probably more trouble than it's worth.
Anyway, it gives me pause when I see it, but I'm OK with it, especially since it's the way it's already being done....
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(I am going to spend half a second wondering if it should be a fixture every single time I come across it though. 😀)
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Switch added in v11.x, add it to master/12.x for consistency and compatibility. See: nodejs#26951, commit bf2c283
7ffedbd
to
ea56e47
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Landed in 3d98051 |
Switch added in v11.x, add it to master/12.x for consistency and compatibility. See: nodejs#26951, commit bf2c283 PR-URL: nodejs#27520 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Switch added in v11.x, add it to master/12.x for consistency and compatibility. See: #26951, commit bf2c283 PR-URL: #27520 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Switch added in v11.x, add it to master/12.x for consistency and
compatibility.
See: #26951, commit bf2c283
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes