Skip to content

Commit

Permalink
tls: disallow conflicting TLS protocol options
Browse files Browse the repository at this point in the history
Do not allow the minimum protocol level to be set higher than the max
protocol level.

See: #26951, 109c097

PR-URL: #27521
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
  • Loading branch information
sam-github committed May 3, 2019
1 parent d370d12 commit cb848b4
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/node_options.cc
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,11 @@ void EnvironmentOptions::CheckOptions(std::vector<std::string>* errors) {
errors->push_back("invalid value for --unhandled-rejections");
}

if (tls_min_v1_3 && tls_max_v1_2) {
errors->push_back("either --tls-min-v1.3 or --tls-max-v1.2 can be "
"used, not both");
}

#if HAVE_INSPECTOR
if (!cpu_prof) {
if (!cpu_prof_name.empty()) {
Expand Down
14 changes: 14 additions & 0 deletions test/parallel/test-tls-cli-min-max-conflict.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto) common.skip('missing crypto');

// Check that conflicting TLS protocol versions are not allowed

const assert = require('assert');
const child_process = require('child_process');

const args = ['--tls-min-v1.3', '--tls-max-v1.2', '-p', 'process.version'];
child_process.execFile(process.argv[0], args, (err) => {
assert(err);
assert(/not both/.test(err.message));
});

0 comments on commit cb848b4

Please sign in to comment.