This repository was archived by the owner on Apr 22, 2023. It is now read-only.
We have made some changes to the way the default ciphers list is handled recently, and I have two questions about the current implementation:
Why does `tls.connect` not define `default.ciphers` when `DEFAULT_CIPHERS === _crypto.getLegacyCiphers('v0.10.38')`? (As a side note, I think we want to use `!==` on that line.) That makes me think that we may want to add support for the `--enable-legacy-cipher-list` and `--cipher-list` options to `test/external/ssl-options` to make sure that node behaves as we expect in this regard. We've had some interesting surprises in the past when running these tests.
When using both the `--cipher-list` and `--enable-legacy-cipher-list` command line options, users are not warned about potential misuse. For instance, I can run node with:
and think that `foo` will be the default ciphers list, but in fact it will be v0.10.38's default cipher list.
Basically, it seems that using `--enable-legacy-cipher-list` always overwrites any usage of `--cipher-list`. It doesn't seem to be mentioned in the documentation, and I think that if the two are mutually exclusive, node should exit with an error and not continue silently.
/cc @jasnell
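The precedence problem raised in this issue, as an added example that is not part of the original report and is not node's own option handling: one resolver reproduces the silent override the issue reports, the other rejects the ambiguous combination. The function names, the `--name=value` argument form and the placeholder cipher strings are assumptions made for illustration.

```javascript
// Constructed placeholders: the real cipher strings are not reproduced here.
const LEGACY_LISTS = { 'v0.10.38': '<v0.10.38 default cipher list>' };
const BUILTIN_DEFAULT = '<current default cipher list>';

// Pull the two options out of an argv-style array (assumed --name=value form).
function parseCipherFlags(argv) {
  const flags = {};
  for (const arg of argv) {
    const m = /^--(cipher-list|enable-legacy-cipher-list)=(.*)$/.exec(arg);
    if (m) flags[m[1]] = m[2];
  }
  return flags;
}

// Behaviour as the issue reports it: the legacy switch silently wins.
function resolveSilently(argv) {
  const f = parseCipherFlags(argv);
  if ('enable-legacy-cipher-list' in f) {
    return LEGACY_LISTS[f['enable-legacy-cipher-list']];
  }
  if ('cipher-list' in f) return f['cipher-list'];
  return BUILTIN_DEFAULT;
}

// Behaviour the issue asks for: fail loudly instead of guessing.
function resolveStrictly(argv) {
  const f = parseCipherFlags(argv);
  const legacy = f['enable-legacy-cipher-list'];
  const explicit = f['cipher-list'];
  if (legacy !== undefined && explicit !== undefined) {
    throw new Error(
      '--cipher-list and --enable-legacy-cipher-list are mutually exclusive');
  }
  if (legacy !== undefined) {
    // An unknown version must not fall through to an undefined cipher list.
    if (!Object.prototype.hasOwnProperty.call(LEGACY_LISTS, legacy)) {
      throw new Error('unknown legacy cipher list version: ' + legacy);
    }
    return LEGACY_LISTS[legacy];
  }
  return explicit !== undefined ? explicit : BUILTIN_DEFAULT;
}
```

With both options present, `resolveSilently` returns the legacy list and discards `foo`, while `resolveStrictly` throws before any TLS context could be built from the wrong list.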