Skip to content

doc: adding tls.createServer secureOptions section #9340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

doc: adding tls.createServer secureOptions section #9340

wants to merge 1 commit into from

Conversation

@kobelb
Copy link
Contributor

@kobelb kobelb commented Oct 28, 2016
edited
Loading

Checklist
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

doc

Description of change

Adding documentation for the tls.createServer secureOptions.

Resolves: #9025

@nodejs-github-bot nodejs-github-bot added doc Issues and PRs related to the documentations. tls Issues and PRs related to the tls subsystem. labels Oct 28, 2016
sam-github
sam-github reviewed Oct 28, 2016
View reviewed changes
doc/api/tls.md Outdated
Copy link
Contributor

@sam-github sam-github Oct 28, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A bitmask affecting the protocol....

Please describe the default value/behaviour when not specified.

Copy link
Contributor Author

@kobelb kobelb Nov 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm having trouble determining how to specify the default behavior because I'm unsure whether we want to disclose the underlying implementation to the user. The setting itself doesn't really default to anything; however, SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 are always set on the SSL context; and _tls_common.createSecureContext is adding SSL_OP_CIPHER_SERVER_PREFERENCE if the honorCipherOrder options is true. Is this something that we wish to describe to the user in this section?

Copy link
Contributor

@sam-github sam-github Nov 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 always set on the SSL context, can you reference where?

Please review https://github.com/nodejs/node/pull/9800/files, I think I document this.

Copy link
Contributor Author

@kobelb kobelb Nov 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SecureContext itself appears to always be setting these here: https://github.com/nodejs/node/blob/master/src/node_crypto.cc#L398

I have no issues with your PR, and think the documentation you did is sufficient. Feel free to close this one.

sam-github
sam-github reviewed Oct 28, 2016
View reviewed changes
doc/api/tls.md Outdated
Copy link
Contributor

@sam-github sam-github Oct 28, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are no more details in the Crypto Constants section! There are actually three sections, and I can't tell which of the options from which of the sections are actually allowed to be specified as a secureOption. Probably there should be a specific section for the options that are allowed in secureOptions, unless they all are? Or can the options that are valid for secureOptions be used in other places?

@sam-github
Copy link
Contributor

sam-github commented Oct 28, 2016

Definitely needs docs, two thumbs up for that, but these docs aren't quite complete enough to describe how to use the secureOptions, see my comments.

@silverwind
Copy link
Contributor

silverwind commented Nov 23, 2016

ping @kobelb

@kobelb
Copy link
Contributor Author

kobelb commented Nov 23, 2016

@silverwind I'll try and get something together to address the comments early next week

@kobelb kobelb force-pushed the tls-secure-options branch from 43f4705 to 59538eb Compare November 30, 2016 12:15
@silverwind
Copy link
Contributor

silverwind commented Nov 30, 2016

There's now another PR that adds this option: 32c15c9

@sam-github what shall we do with this one?

@sam-github sam-github mentioned this pull request Nov 30, 2016
Closed
4 tasks
@sam-github
Copy link
Contributor

sam-github commented Dec 13, 2016

Author agrees this can be closed #9340 (comment)

@sam-github sam-github closed this Dec 13, 2016
@sam-github sam-github mentioned this pull request Dec 13, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sam-github sam-github sam-github left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

doc Issues and PRs related to the documentations. tls Issues and PRs related to the tls subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kobelb @sam-github @silverwind @nodejs-github-bot