Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: add OP flag constants added in OpenSSL v1.1.1 #33929

Closed
wants to merge 2 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -3182,6 +3182,11 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html">https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html</a>
for detail.</td>
</tr>
<tr>
<td><code>SSL_OP_ALLOW_NO_DHE_KEX</code></td>
<td>Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode
for TLS v1.3</td>
</tr>
<tr>
<td><code>SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION</code></td>
<td>Allows legacy insecure renegotiation between OpenSSL and unpatched
Expand Down Expand Up @@ -3254,10 +3259,18 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<td><code>SSL_OP_NO_COMPRESSION</code></td>
<td>Instructs OpenSSL to disable support for SSL/TLS compression.</td>
</tr>
<tr>
<td><code>SSL_OP_NO_ENCRYPT_THEN_MAC</code></td>
<td>Instructs OpenSSL to disable encrypt-then-MAC.</td>
</tr>
<tr>
<td><code>SSL_OP_NO_QUERY_MTU</code></td>
<td></td>
</tr>
<tr>
<td><code>SSL_OP_NO_RENEGOTIATION</code></td>
<td>Instructs OpenSSL to disable renegotiation.</td>
</tr>
<tr>
<td><code>SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION</code></td>
<td>Instructs OpenSSL to always start a new session when performing
Expand Down Expand Up @@ -3286,6 +3299,10 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<tr>
<td><code>SSL_OP_NO_TLSv1_2</code></td>
<td>Instructs OpenSSL to turn off TLS v1.2</td>
</tr>
<tr>
<td><code>SSL_OP_NO_TLSv1_3</code></td>
<td>Instructs OpenSSL to turn off TLS v1.3</td>
</tr>
<td><code>SSL_OP_PKCS1_CHECK_1</code></td>
<td></td>
Expand All @@ -3294,6 +3311,14 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
<td><code>SSL_OP_PKCS1_CHECK_2</code></td>
<td></td>
</tr>
<tr>
<td><code>SSL_OP_PRIORITIZE_CHACHA</code></td>
<td>Instructs OpenSSL server to prioritize ChaCha20Poly1305
when client does.
This option has no effect if
<code>SSL_OP_CIPHER_SERVER_PREFERENCE</code>
is not enabled.</td>
</tr>
<tr>
<td><code>SSL_OP_SINGLE_DH_USE</code></td>
<td>Instructs OpenSSL to always create a new key when using
Expand Down
20 changes: 20 additions & 0 deletions src/node_constants.cc
Original file line number Diff line number Diff line change
Expand Up @@ -806,6 +806,10 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_ALL);
#endif

#ifdef SSL_OP_ALLOW_NO_DHE_KEX
NODE_DEFINE_CONSTANT(target, SSL_OP_ALLOW_NO_DHE_KEX);
#endif

#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
NODE_DEFINE_CONSTANT(target, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
#endif
Expand Down Expand Up @@ -870,10 +874,18 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_COMPRESSION);
#endif

#ifdef SSL_OP_NO_ENCRYPT_THEN_MAC
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_ENCRYPT_THEN_MAC);
#endif

#ifdef SSL_OP_NO_QUERY_MTU
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_QUERY_MTU);
#endif

#ifdef SSL_OP_NO_RENEGOTIATION
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_RENEGOTIATION);
#endif

#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
Expand Down Expand Up @@ -902,6 +914,10 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_2);
#endif

#ifdef SSL_OP_NO_TLSv1_3
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_3);
#endif

#ifdef SSL_OP_PKCS1_CHECK_1
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
#endif
Expand All @@ -910,6 +926,10 @@ void DefineCryptoConstants(Local<Object> target) {
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
#endif

#ifdef SSL_OP_PRIORITIZE_CHACHA
NODE_DEFINE_CONSTANT(target, SSL_OP_PRIORITIZE_CHACHA);
#endif

#ifdef SSL_OP_SINGLE_DH_USE
NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
#endif
Expand Down