Skip to content

Commit 3306070

Browse files
mkrawczukmildsunrise
mkrawczuk
authored and
mildsunrise
committed
crypto: add OP flag constants added in OpenSSL v1.1.1
PR-URL: #33929 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Alba Mendez <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>
1 parent 46bef7b commit 3306070

File tree

2 files changed

+45
-0
lines changed

2 files changed

+45
-0
lines changed

doc/api/crypto.md

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3192,6 +3192,11 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
31923192
<a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html">https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html</a>
31933193
for detail.</td>
31943194
</tr>
3195+
<tr>
3196+
<td><code>SSL_OP_ALLOW_NO_DHE_KEX</code></td>
3197+
<td>Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode
3198+
for TLS v1.3</td>
3199+
</tr>
31953200
<tr>
31963201
<td><code>SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION</code></td>
31973202
<td>Allows legacy insecure renegotiation between OpenSSL and unpatched
@@ -3264,10 +3269,18 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
32643269
<td><code>SSL_OP_NO_COMPRESSION</code></td>
32653270
<td>Instructs OpenSSL to disable support for SSL/TLS compression.</td>
32663271
</tr>
3272+
<tr>
3273+
<td><code>SSL_OP_NO_ENCRYPT_THEN_MAC</code></td>
3274+
<td>Instructs OpenSSL to disable encrypt-then-MAC.</td>
3275+
</tr>
32673276
<tr>
32683277
<td><code>SSL_OP_NO_QUERY_MTU</code></td>
32693278
<td></td>
32703279
</tr>
3280+
<tr>
3281+
<td><code>SSL_OP_NO_RENEGOTIATION</code></td>
3282+
<td>Instructs OpenSSL to disable renegotiation.</td>
3283+
</tr>
32713284
<tr>
32723285
<td><code>SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION</code></td>
32733286
<td>Instructs OpenSSL to always start a new session when performing
@@ -3296,6 +3309,10 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
32963309
<tr>
32973310
<td><code>SSL_OP_NO_TLSv1_2</code></td>
32983311
<td>Instructs OpenSSL to turn off TLS v1.2</td>
3312+
</tr>
3313+
<tr>
3314+
<td><code>SSL_OP_NO_TLSv1_3</code></td>
3315+
<td>Instructs OpenSSL to turn off TLS v1.3</td>
32993316
</tr>
33003317
<td><code>SSL_OP_PKCS1_CHECK_1</code></td>
33013318
<td></td>
@@ -3304,6 +3321,14 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
33043321
<td><code>SSL_OP_PKCS1_CHECK_2</code></td>
33053322
<td></td>
33063323
</tr>
3324+
<tr>
3325+
<td><code>SSL_OP_PRIORITIZE_CHACHA</code></td>
3326+
<td>Instructs OpenSSL server to prioritize ChaCha20Poly1305
3327+
when client does.
3328+
This option has no effect if
3329+
<code>SSL_OP_CIPHER_SERVER_PREFERENCE</code>
3330+
is not enabled.</td>
3331+
</tr>
33073332
<tr>
33083333
<td><code>SSL_OP_SINGLE_DH_USE</code></td>
33093334
<td>Instructs OpenSSL to always create a new key when using

src/node_constants.cc

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -806,6 +806,10 @@ void DefineCryptoConstants(Local<Object> target) {
806806
NODE_DEFINE_CONSTANT(target, SSL_OP_ALL);
807807
#endif
808808

809+
#ifdef SSL_OP_ALLOW_NO_DHE_KEX
810+
NODE_DEFINE_CONSTANT(target, SSL_OP_ALLOW_NO_DHE_KEX);
811+
#endif
812+
809813
#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
810814
NODE_DEFINE_CONSTANT(target, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
811815
#endif
@@ -870,10 +874,18 @@ void DefineCryptoConstants(Local<Object> target) {
870874
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_COMPRESSION);
871875
#endif
872876

877+
#ifdef SSL_OP_NO_ENCRYPT_THEN_MAC
878+
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_ENCRYPT_THEN_MAC);
879+
#endif
880+
873881
#ifdef SSL_OP_NO_QUERY_MTU
874882
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_QUERY_MTU);
875883
#endif
876884

885+
#ifdef SSL_OP_NO_RENEGOTIATION
886+
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_RENEGOTIATION);
887+
#endif
888+
877889
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
878890
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
879891
#endif
@@ -902,6 +914,10 @@ void DefineCryptoConstants(Local<Object> target) {
902914
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_2);
903915
#endif
904916

917+
#ifdef SSL_OP_NO_TLSv1_3
918+
NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_3);
919+
#endif
920+
905921
#ifdef SSL_OP_PKCS1_CHECK_1
906922
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
907923
#endif
@@ -910,6 +926,10 @@ void DefineCryptoConstants(Local<Object> target) {
910926
NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
911927
#endif
912928

929+
#ifdef SSL_OP_PRIORITIZE_CHACHA
930+
NODE_DEFINE_CONSTANT(target, SSL_OP_PRIORITIZE_CHACHA);
931+
#endif
932+
913933
#ifdef SSL_OP_SINGLE_DH_USE
914934
NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
915935
#endif

0 commit comments

Comments
 (0)