tls: ciphers allow bang syntax
Fixes: nodejs#49699
PR-URL: nodejs#49712
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
atlowChemi authored and alexfernandez committed Nov 1, 2023
1 parent 5ba833f commit 36f2344
Showing 2 changed files with 11 additions and 6 deletions.
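--- a/lib/internal/tls/secure-context.js
+++ b/lib/internal/tls/secure-context.js
@@ -101,17 +101,21 @@ function processCiphers(ciphers, name) {
 ArrayPrototypeFilter(
 ciphers,
 (cipher) => {
-return cipher.length > 0 &&
-!StringPrototypeStartsWith(cipher, 'TLS_');
+if (cipher.length === 0) return false;
+if (StringPrototypeStartsWith(cipher, 'TLS_')) return false;
+if (StringPrototypeStartsWith(cipher, '!TLS_')) return false;
+return true;
 }), ':');
 
 const cipherSuites =
 ArrayPrototypeJoin(
 ArrayPrototypeFilter(
 ciphers,
 (cipher) => {
-return cipher.length > 0 &&
-StringPrototypeStartsWith(cipher, 'TLS_');
+if (cipher.length === 0) return false;
+if (StringPrototypeStartsWith(cipher, 'TLS_')) return true;
+if (StringPrototypeStartsWith(cipher, '!TLS_')) return true;
+return false;
 }), ':');
 
 // Specifying empty cipher suites for both TLS1.2 and TLS1.3 is invalid, its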
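Review bot: Routing `!TLS_…` entries into `cipherSuites` makes that string non-empty even when it holds nothing but exclusions, so the empty-configuration check introduced by the trailing comment (its body, like the rest of `processCiphers`, lies outside this hunk) will presumably no longer reject input such as a lone `!TLS_CHACHA20_POLY1305_SHA256`. Whether the TLS 1.3 suite setter further down honours `!` as an exclusion or merely skips it as an unknown name is not visible here and should be confirmed, because an operator who writes `!TLS_…` expects that suite to be disabled. At minimum, state the contract above both callbacks, e.g. `// '!TLS_*' entries are TLS 1.3 exclusions; keep them out of the TLS 1.2 cipher list.` Entries using the other cipher-string operators (`-TLS_…`, `+TLS_…`) are still classified as TLS 1.2 entries by these two filters.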
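--- a/test/parallel/test-tls-set-ciphers.js
+++ b/test/parallel/test-tls-set-ciphers.js
@@ -1,7 +1,7 @@
 'use strict';
 const common = require('../common');
-if (!common.hasCrypto)
-common.skip('missing crypto');
+if (!common.hasOpenSSL3)
+common.skip('missing crypto, or OpenSSL version lower than 3');
 
 const fixtures = require('../common/fixtures');
 const { inspect } = require('util');
@@ -85,6 +85,7 @@ test('AES256-SHA', U, 'AES256-SHA');
 
 test(U, 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');
 test('TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
+test('TLS_AES_256_GCM_SHA384:!TLS_CHACHA20_POLY1305_SHA256', U, 'TLS_AES_256_GCM_SHA384');
 
 // Do not have shared ciphers.
 test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256',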
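Review bot: Replacing the `common.hasCrypto` guard with `common.hasOpenSSL3` at the top of the file skips every existing cipher-selection case on builds linked against an older OpenSSL, not only the new bang-syntax case. Keep the original skip and gate just the added line, `if (common.hasOpenSSL3) test('TLS_AES_256_GCM_SHA384:!TLS_CHACHA20_POLY1305_SHA256', U, 'TLS_AES_256_GCM_SHA384');`. The new case also only shows that the handshake still lands on the allowed suite. A companion case in which the peer offers only the excluded suite, and the handshake is expected to fail, would show that the exclusion is actually enforced.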
