-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto,tls: remove SSLv2 support #5529
Conversation
lgtm pending CI outcome, thanks for this @bnoordhuis |
Second try, accounting for Windows line endings this time: https://ci.nodejs.org/job/node-test-pull-request/1815/ |
@@ -2675,8 +2674,8 @@ static void ParseArgs(int argc, char **argv) { | |||
argv[i] = const_cast<char*>(""); | |||
#if HAVE_OPENSSL | |||
} else if (strcmp(arg, "--enable-ssl2") == 0) { | |||
SSL2_ENABLE = true; | |||
argv[i] = const_cast<char*>(""); | |||
fprintf(stderr, "Error: --enable-ssl2 is no longer supported.\n"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe print CVE # here?
CI with CVE added to error message: https://ci.nodejs.org/job/node-test-pull-request/1818/ |
Remove support for SSLv2 because of DROWN (CVE-2016-0800). Use of the `--enable-ssl2` flag is now an error; node will print an error message and exit. Fixes: nodejs/Release#80 PR-URL: nodejs#5529 Reviewed-By: Rod Vagg <rod@vagg.org>
This solution LGTM but I would rather more people sign off on the code itself if possible. (Since I would rather not sign-off on c++ yet) |
f23aecc
to
f8cb0dc
Compare
@bnoordhuis can you copy this to v0.12? It should be the same there right? |
Working on it. It's not quite the same though because of our custom clienthello parser. |
I have to go to medical checkup today. I'll take a look at this after back. |
Constants and doc descriptions related to SSLv2 are no longer needed. Fixes: nodejs#5529
This LGTM but want to get @shigeki's feedback when he's able. |
ha! just realized it was already merged... ;-) |
Doc descriptions related to SSLv2 are no longer needed. Fixes: nodejs/node#5529 PR-URL: nodejs/node#5541 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
R=@jasnell? @shigeki?
CI: https://ci.nodejs.org/job/node-test-pull-request/1810/