Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: nodejs/node-v0.x-archive
base: 94beb2985b4c
Choose a base ref
...
head repository: nodejs/node-v0.x-archive
compare: 4d9c81b7e252
Choose a head ref
  • 5 commits
  • 10 files changed
  • 1 contributor

Commits on Apr 8, 2015

  1. tls: more secure defaults 

    Port of io.js commit: nodejs/node@77f3586

Original commit message:

This updates the default cipher suite to an more secure list, which
prefers strong ciphers with Forward Secrecy. Additionally, it enables
`honorCipherOrder` by default.

Noteable effect of this change is that the insecure RC4 ciphers are
disabled and that Chrome negotiates a more secure ECDHE cipher.

Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #14383
    @jasnell
    jasnell committed Apr 8, 2015
    Copy the full SHA
    72357e5 View commit details
    Browse the repository at this point in the history

  2. tls: command-line switch and envar cipher-list override 

    Add command line switches and environment variables to override
the default cipher suite in tls.js

`--cipher-list` and `NODE_CIPHER_LIST` can be used to completely
override the default cipher list with a given value.

`--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` can
be used to reset the default cipher list back to a known legacy
value shipped in prior Node.js releases

A new `getLegacyCiphers` method on the tis module allows
programmatic access to the old cipher list defaults.

Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #14383
    @jasnell
    jasnell committed Apr 8, 2015
    Copy the full SHA
    1bf1546 View commit details
    Browse the repository at this point in the history

  3. tls: make --enable-legacy-cipher-list less verbose 

    Based on commit feedback, make the PrintHelp for
--enable-legacy-cipher-list less verbose.

Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #14383
    @jasnell
    jasnell committed Apr 8, 2015
    Copy the full SHA
    3f58ce6 View commit details
    Browse the repository at this point in the history

  4. tls: pass in isolate with define string constant + style nits 

    Per the commit feedback, fix up style nits and pass in the
isolate with the NODE_DEFINE_STRING_CONSTANT macro.

Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #14383
    @jasnell
    jasnell committed Apr 8, 2015
    Copy the full SHA
    3705736 View commit details
    Browse the repository at this point in the history

  5. test: fixing a few nits in the test 

    typo and unnecessary options init

Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: #14383
    @jasnell
    jasnell committed Apr 8, 2015
    Copy the full SHA
    4d9c81b View commit details
    Browse the repository at this point in the history