Skip to content

Commit

Permalink
tls: disallow conflicting TLS protocol options
Browse files Browse the repository at this point in the history
Do not allow the minimum protocol level to be set higher than the max
protocol level.

See: #26951, 109c097

PR-URL: #27521
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
  • Loading branch information
sam-github authored and targos committed May 4, 2019
1 parent 014a9fd commit 7bbf951
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/node_options.cc
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,11 @@ void EnvironmentOptions::CheckOptions(std::vector<std::string>* errors) {
errors->push_back("invalid value for --unhandled-rejections");
}

if (tls_min_v1_3 && tls_max_v1_2) {
errors->push_back("either --tls-min-v1.3 or --tls-max-v1.2 can be "
"used, not both");
}

#if HAVE_INSPECTOR
if (!cpu_prof) {
if (!cpu_prof_name.empty()) {
Expand Down
14 changes: 14 additions & 0 deletions test/parallel/test-tls-cli-min-max-conflict.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto) common.skip('missing crypto');

// Check that conflicting TLS protocol versions are not allowed

const assert = require('assert');
const child_process = require('child_process');

const args = ['--tls-min-v1.3', '--tls-max-v1.2', '-p', 'process.version'];
child_process.execFile(process.argv[0], args, (err) => {
assert(err);
assert(/not both/.test(err.message));
});

0 comments on commit 7bbf951

Please sign in to comment.