Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto,tls: remove SSLv2 support #5529

Merged
merged 1 commit into from
Mar 2, 2016

Conversation

bnoordhuis
Copy link
Member

@bnoordhuis bnoordhuis added tls Issues and PRs related to the tls subsystem. crypto Issues and PRs related to the crypto subsystem. land-on-v0.10 labels Mar 2, 2016
@rvagg
Copy link
Member

rvagg commented Mar 2, 2016

lgtm pending CI outcome, thanks for this @bnoordhuis

@bnoordhuis
Copy link
Member Author

Second try, accounting for Windows line endings this time: https://ci.nodejs.org/job/node-test-pull-request/1815/

@@ -2675,8 +2674,8 @@ static void ParseArgs(int argc, char **argv) {
argv[i] = const_cast<char*>("");
#if HAVE_OPENSSL
} else if (strcmp(arg, "--enable-ssl2") == 0) {
SSL2_ENABLE = true;
argv[i] = const_cast<char*>("");
fprintf(stderr, "Error: --enable-ssl2 is no longer supported.\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe print CVE # here?

@bnoordhuis
Copy link
Member Author

CI with CVE added to error message: https://ci.nodejs.org/job/node-test-pull-request/1818/

Remove support for SSLv2 because of DROWN (CVE-2016-0800).

Use of the `--enable-ssl2` flag is now an error; node will print an
error message and exit.

Fixes: nodejs/Release#80
PR-URL: nodejs#5529
Reviewed-By: Rod Vagg <rod@vagg.org>
@Fishrock123
Copy link
Contributor

This solution LGTM but I would rather more people sign off on the code itself if possible. (Since I would rather not sign-off on c++ yet)

@bnoordhuis bnoordhuis force-pushed the v0.10-remove-sslv2 branch from f23aecc to f8cb0dc Compare March 2, 2016 21:18
@bnoordhuis bnoordhuis merged commit f8cb0dc into nodejs:v0.10-staging Mar 2, 2016
@bnoordhuis bnoordhuis deleted the v0.10-remove-sslv2 branch March 2, 2016 21:18
@rvagg
Copy link
Member

rvagg commented Mar 2, 2016

@bnoordhuis can you copy this to v0.12? It should be the same there right?

@bnoordhuis
Copy link
Member Author

Working on it. It's not quite the same though because of our custom clienthello parser.

@shigeki
Copy link
Contributor

shigeki commented Mar 2, 2016

I have to go to medical checkup today. I'll take a look at this after back.

shigeki pushed a commit to shigeki/node that referenced this pull request Mar 3, 2016
Constants and doc descriptions related to SSLv2 are no longer needed.

Fixes: nodejs#5529
shigeki pushed a commit that referenced this pull request Mar 3, 2016
Doc descriptions related to SSLv2 are no longer needed.

Fixes: #5529
PR-URL: #5541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
rvagg pushed a commit that referenced this pull request Mar 3, 2016
Doc descriptions related to SSLv2 are no longer needed.

Fixes: #5529
PR-URL: #5541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
@jasnell
Copy link
Member

jasnell commented Mar 3, 2016

This LGTM but want to get @shigeki's feedback when he's able.

@jasnell
Copy link
Member

jasnell commented Mar 3, 2016

ha! just realized it was already merged... ;-)

jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
Doc descriptions related to SSLv2 are no longer needed.

Fixes: nodejs/node#5529
PR-URL: nodejs/node#5541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
crypto Issues and PRs related to the crypto subsystem. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants