Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: don't disable TLS 1.3 without suites #43427

Merged
merged 1 commit into from
Jun 27, 2022

Commits on Jun 20, 2022

  1. crypto: don't disable TLS 1.3 without suites

    In the manual page, there is a statement that ciphersuites contain
    explicit default settings - all TLS 1.3 ciphersuites enabled.
    In node, we assume that an empty setting mean no ciphersuites and
    we disable TLS 1.3. A correct approach to disabling TLS 1.3 is to
    disable TLS 1.3 and by not override the default ciphersuits
    with an empty string.
    
    So, only override OpenSSL's TLS 1.3 ciphersuites with an explicit
    list of ciphers. If none are acceptable, the correct approach is
    to disable TLS 1.3 instead elsewhere.
    
    Fixes: nodejs#43419
    AdamMajer committed Jun 20, 2022
    Configuration menu
    Copy the full SHA
    aeccc82 View commit details
    Browse the repository at this point in the history