8000 tls: disallow conflicting TLS protocol options · nodejs/node@7bbf951 · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Commit 7bbf951

Browse files
sam-githubtargos
sam-github
authored and
targos
committed
tls: disallow conflicting TLS protocol options
Do not allow the minimum protocol level to be set higher than the max protocol level. See: #26951, 109c097 PR-URL: #27521 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Rich Trott <rtrott@gmail.com>
1 parent 014a9fd commit 7bbf951

File tree

2 files changed

+19
-0
lines changed

2 files changed

+19
-0
lines changed

src/node_options.cc

+5
Original file line numberDiff line numberDiff line change
@@ -148,6 +148,11 @@ void EnvironmentOptions::CheckOptions(std::vector<std::string>* errors) {
148148
errors->push_back("invalid value for --unhandled-rejections");
149149
}
150150

151+
if (tls_min_v1_3 && tls_max_v1_2) {
152+
errors->push_back("either --tls-min-v1.3 or --tls-max-v1.2 can be "
153+
"used, not both");
154+
}
155+
151156
#if HAVE_INSPECTOR
152157
if (!cpu_prof) {
153158
if (!cpu_prof_name.empty()) {

test/parallel/test-tls-cli-min-max-conflict.js

+14
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
'use strict';
2+
const common = require('../common');
3+
if (!common.hasCrypto) common.skip('missing crypto');
4+
5+
// Check that conflicting TLS protocol versions are not allowed
6+
7+
const assert = require('assert');
8+
const child_process = require('child_process');
9+
10+
const args = ['--tls-min-v1.3', '--tls-max-v1.2', '-p', 'process.version'];
11+
child_process.execFile(process.argv[0], args, (err) => {
12+
assert(err);
13+
assert(/not both/.test(err.message));
14+
});

0 commit comments

Comments
 (0)
0