crypto: add `honorCipherOrder` argument

Add `honorCipherOrder` argument to `crypto.createCredentials`. fix #7249
2014-06-25 14:47:59 +04:00 · 2014-06-25 14:47:59 +04:00 · c147e81091
parent e50749bb05
commit c147e81091
3 changed files with 16 additions and 7 deletions
--- a/doc/api/tls.markdown
+++ b/doc/api/tls.markdown
@ -436,6 +436,9 @@ dictionary with keys:
  Consult
  <http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT>
  for details on the format.
+* `honorCipherOrder` : When choosing a cipher, use the server's preferences
+  instead of the client preferences. For further details see `tls` module
+  documentation.

 If no 'ca' details are given, then node.js will use the default
 publicly trusted list of CAs as given in
@ -608,7 +611,8 @@ more information.

 Add secure context that will be used if client request's SNI hostname is
 matching passed `hostname` (wildcards can be used). `context` can contain
-`key`, `cert` and `ca`.
+`key`, `cert`, `ca` and/or any other properties from `tls.createSecureContext`
+`options` argument.

 ### server.maxConnections

--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@ -20,6 +20,7 @@
 // USE OR OTHER DEALINGS IN THE SOFTWARE.

 var util = require('util');
+var constants = require('constants');
 var tls = require('tls');

 // Lazily loaded
@ -54,9 +55,11 @@ exports.SecureContext = SecureContext;
 exports.createSecureContext = function createSecureContext(options, context) {
  if (!options) options = {};

-  var c = new SecureContext(options.secureProtocol,
-                            options.secureOptions,
-                            context);
+  var secureOptions = options.secureOptions;
+  if (options.honorCipherOrder)
+    secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
+
+  var c = new SecureContext(options.secureProtocol, secureOptions, context);

  if (context) return c;

--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@ -602,6 +602,7 @@ function Server(/* [options], listener */) {
    ecdhCurve: self.ecdhCurve,
    secureProtocol: self.secureProtocol,
    secureOptions: self.secureOptions,
+    honorCipherOrder: self.honorCipherOrder,
    crl: self.crl,
    sessionIdContext: self.sessionIdContext
  });
@ -720,9 +721,10 @@ Server.prototype.setOptions = function(options) {
  if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout;
  if (options.ticketKeys) this.ticketKeys = options.ticketKeys;
  var secureOptions = options.secureOptions || 0;
-  if (options.honorCipherOrder) {
-    secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
-  }
+  if (options.honorCipherOrder)
+    this.honorCipherOrder = true;
+  else
+    this.honorCipherOrder = false;
  if (secureOptions) this.secureOptions = secureOptions;
  if (options.NPNProtocols) tls.convertNPNProtocols(options.NPNProtocols, this);
  if (options.sessionIdContext) {