|
|
b24b2a |
From 77cbd12e600a599351ec3b0b0302c7fcd1f9ec0b Mon Sep 17 00:00:00 2001
|
|
|
d744d0 |
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
|
|
|
b24b2a |
Date: Mon, 23 Nov 2020 11:57:32 +0100
|
|
|
d744d0 |
Subject: [PATCH] Disable unsupported OpenSSL features
|
|
|
d744d0 |
MIME-Version: 1.0
|
|
|
d744d0 |
Content-Type: text/plain; charset=UTF-8
|
|
|
d744d0 |
Content-Transfer-Encoding: 8bit
|
|
|
d744d0 |
|
|
|
d744d0 |
- Disable no-certificate PSK authentication
|
|
|
d744d0 |
|
|
|
d744d0 |
There is no obvious way to reimplement it using only OpenSSL 1.0 public APIs.
|
|
|
d744d0 |
|
|
|
d744d0 |
- Disable queries for standard cipher name
|
|
|
d744d0 |
|
|
|
d744d0 |
OpenSSL 1.0 does not record said names.
|
|
|
d744d0 |
|
|
|
d744d0 |
- Remove ClientHello getters
|
|
|
d744d0 |
|
|
|
d744d0 |
The disabled functions internally use
|
|
|
d744d0 |
`SSL_client_hello_get0_ext`/`SSL_client_hello_get0_ciphers`,
|
|
|
d744d0 |
which are not available on legacy OpenSSL.
|
|
|
d744d0 |
There may be another way to get to the same data,
|
|
|
d744d0 |
but nothing jumps out in the OpenSSL 1.0.2 documentation.
|
|
|
d744d0 |
|
|
|
d744d0 |
- Remove TLSv1.3 CLI options
|
|
|
d744d0 |
|
|
|
d744d0 |
Signed-off-by: Jan Staněk <jstanek@redhat.com>
|
|
|
d744d0 |
---
|
|
|
d744d0 |
doc/api/cli.md | 18 ------------------
|
|
|
d744d0 |
doc/api/tls.md | 15 +++++++--------
|
|
|
d744d0 |
src/env.h | 11 ++++++++++-
|
|
|
d744d0 |
src/node_crypto_common.cc | 12 ++++++++++++
|
|
|
d744d0 |
src/node_crypto_common.h | 6 ++++++
|
|
|
d744d0 |
src/node_options.cc | 10 +++++++++-
|
|
|
d744d0 |
.../test-tls-cli-max-version-1.3.js | 0
|
|
|
d744d0 |
.../test-tls-cli-min-max-conflict.js | 0
|
|
|
d744d0 |
.../test-tls-cli-min-version-1.3.js | 0
|
|
|
d744d0 |
9 files changed, 44 insertions(+), 28 deletions(-)
|
|
|
d744d0 |
rename test/{parallel => known_issues}/test-tls-cli-max-version-1.3.js (100%)
|
|
|
d744d0 |
rename test/{parallel => known_issues}/test-tls-cli-min-max-conflict.js (100%)
|
|
|
d744d0 |
rename test/{parallel => known_issues}/test-tls-cli-min-version-1.3.js (100%)
|
|
|
d744d0 |
|
|
|
d744d0 |
diff --git a/doc/api/cli.md b/doc/api/cli.md
|
|
|
b24b2a |
index e6d49feef6..47976c670b 100644
|
|
|
d744d0 |
--- a/doc/api/cli.md
|
|
|
d744d0 |
+++ b/doc/api/cli.md
|
|
|
b24b2a |
@@ -810,14 +810,6 @@ added: v12.0.0
|
|
|
d744d0 |
Set [`tls.DEFAULT_MAX_VERSION`][] to 'TLSv1.2'. Use to disable support for
|
|
|
d744d0 |
TLSv1.3.
|
|
|
d744d0 |
|
|
|
d744d0 |
-### `--tls-max-v1.3`
|
|
|
d744d0 |
-
|
|
|
d744d0 |
-added: v12.0.0
|
|
|
d744d0 |
--->
|
|
|
d744d0 |
-
|
|
|
d744d0 |
-Set default [`tls.DEFAULT_MAX_VERSION`][] to 'TLSv1.3'. Use to enable support
|
|
|
d744d0 |
-for TLSv1.3.
|
|
|
d744d0 |
-
|
|
|
d744d0 |
### `--tls-min-v1.0`
|
|
|
d744d0 |
|
|
|
d744d0 |
added: v12.0.0
|
|
|
b24b2a |
@@ -843,14 +835,6 @@ Set default [`tls.DEFAULT_MIN_VERSION`][] to 'TLSv1.2'. This is the default for
|
|
|
d744d0 |
12.x and later, but the option is supported for compatibility with older Node.js
|
|
|
d744d0 |
versions.
|
|
|
d744d0 |
|
|
|
d744d0 |
-### `--tls-min-v1.3`
|
|
|
d744d0 |
-
|
|
|
d744d0 |
-added: v12.0.0
|
|
|
d744d0 |
--->
|
|
|
d744d0 |
-
|
|
|
d744d0 |
-Set default [`tls.DEFAULT_MIN_VERSION`][] to 'TLSv1.3'. Use to disable support
|
|
|
d744d0 |
-for TLSv1.2, which is not as secure as TLSv1.3.
|
|
|
d744d0 |
-
|
|
|
d744d0 |
### `--trace-deprecation`
|
|
|
d744d0 |
|
|
|
d744d0 |
added: v0.8.0
|
|
|
b24b2a |
@@ -1234,11 +1218,9 @@ Node.js options that are allowed are:
|
|
|
d744d0 |
* `--tls-cipher-list`
|
|
|
d744d0 |
* `--tls-keylog`
|
|
|
d744d0 |
* `--tls-max-v1.2`
|
|
|
d744d0 |
-* `--tls-max-v1.3`
|
|
|
d744d0 |
* `--tls-min-v1.0`
|
|
|
d744d0 |
* `--tls-min-v1.1`
|
|
|
d744d0 |
* `--tls-min-v1.2`
|
|
|
d744d0 |
-* `--tls-min-v1.3`
|
|
|
d744d0 |
* `--trace-deprecation`
|
|
|
d744d0 |
* `--trace-event-categories`
|
|
|
d744d0 |
* `--trace-event-file-pattern`
|
|
|
d744d0 |
diff --git a/doc/api/tls.md b/doc/api/tls.md
|
|
|
b24b2a |
index 12d724e4d4..af3e42fcbe 100644
|
|
|
d744d0 |
--- a/doc/api/tls.md
|
|
|
d744d0 |
+++ b/doc/api/tls.md
|
|
|
b24b2a |
@@ -1947,10 +1947,10 @@ added: v11.4.0
|
|
|
d744d0 |
|
|
|
d744d0 |
* {string} The default value of the `maxVersion` option of
|
|
|
d744d0 |
[`tls.createSecureContext()`][]. It can be assigned any of the supported TLS
|
|
|
d744d0 |
- protocol versions, `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`.
|
|
|
d744d0 |
- **Default:** `'TLSv1.3'`, unless changed using CLI options. Using
|
|
|
d744d0 |
- `--tls-max-v1.2` sets the default to `'TLSv1.2'`. Using `--tls-max-v1.3` sets
|
|
|
d744d0 |
- the default to `'TLSv1.3'`. If multiple of the options are provided, the
|
|
|
d744d0 |
+ protocol versions, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`.
|
|
|
d744d0 |
+ **Default:** `'TLSv1.2'`, unless changed using CLI options. Using
|
|
|
d744d0 |
+ `--tls-max-v1.2` sets the default to `'TLSv1.2'`.
|
|
|
d744d0 |
+ If multiple of the options are provided, the
|
|
|
d744d0 |
highest maximum is used.
|
|
|
d744d0 |
|
|
|
d744d0 |
## `tls.DEFAULT_MIN_VERSION`
|
|
|
b24b2a |
@@ -1960,12 +1960,11 @@ added: v11.4.0
|
|
|
d744d0 |
|
|
|
d744d0 |
* {string} The default value of the `minVersion` option of
|
|
|
d744d0 |
[`tls.createSecureContext()`][]. It can be assigned any of the supported TLS
|
|
|
d744d0 |
- protocol versions, `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`.
|
|
|
d744d0 |
+ protocol versions, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`.
|
|
|
d744d0 |
**Default:** `'TLSv1.2'`, unless changed using CLI options. Using
|
|
|
d744d0 |
`--tls-min-v1.0` sets the default to `'TLSv1'`. Using `--tls-min-v1.1` sets
|
|
|
d744d0 |
- the default to `'TLSv1.1'`. Using `--tls-min-v1.3` sets the default to
|
|
|
d744d0 |
- `'TLSv1.3'`. If multiple of the options are provided, the lowest minimum is
|
|
|
d744d0 |
- used.
|
|
|
d744d0 |
+ the default to `'TLSv1.1'`. If multiple of the options are provided,
|
|
|
d744d0 |
+ the lowest minimum is used.
|
|
|
d744d0 |
|
|
|
b24b2a |
[`'newSession'`]: #tls_event_newsession
|
|
|
b24b2a |
[`'resumeSession'`]: #tls_event_resumesession
|
|
|
d744d0 |
diff --git a/src/env.h b/src/env.h
|
|
|
b24b2a |
index d0c0a18796..3df8b45532 100644
|
|
|
d744d0 |
--- a/src/env.h
|
|
|
d744d0 |
+++ b/src/env.h
|
|
|
d744d0 |
@@ -51,6 +51,8 @@
|
|
|
d744d0 |
#include <unordered_set>
|
|
|
d744d0 |
#include <vector>
|
|
|
d744d0 |
|
|
|
d744d0 |
+#include <node-ssl-shim/ssl-shim.h>
|
|
|
d744d0 |
+
|
|
|
d744d0 |
struct nghttp2_rcbuf;
|
|
|
d744d0 |
|
|
|
d744d0 |
namespace node {
|
|
|
d744d0 |
@@ -148,6 +150,13 @@ constexpr size_t kFsStatsBufferLength =
|
|
|
d744d0 |
// Make sure that any macro V defined for use with the PER_ISOLATE_* macros is
|
|
|
d744d0 |
// undefined again after use.
|
|
|
d744d0 |
|
|
|
d744d0 |
+// Some symbols/strings are not defined when using legacy OpenSSL
|
|
|
d744d0 |
+#if OPENSSL_IS_LEGACY
|
|
|
d744d0 |
+# define NODE_ENV_STANDARD_NAME_STRING
|
|
|
d744d0 |
+#else // OPENSSL_IS_LEGACY
|
|
|
d744d0 |
+# define NODE_ENV_STANDARD_NAME_STRING V(standard_name_string, "standardName")
|
|
|
d744d0 |
+#endif // OPENSSL_IS_LEGACY
|
|
|
d744d0 |
+
|
|
|
d744d0 |
// Private symbols are per-isolate primitives but Environment proxies them
|
|
|
d744d0 |
// for the sake of convenience. Strings should be ASCII-only and have a
|
|
|
d744d0 |
// "node:" prefix to avoid name clashes with third-party code.
|
|
|
b24b2a |
@@ -368,7 +377,7 @@ constexpr size_t kFsStatsBufferLength =
|
|
|
d744d0 |
V(sni_context_string, "sni_context") \
|
|
|
d744d0 |
V(source_string, "source") \
|
|
|
d744d0 |
V(stack_string, "stack") \
|
|
|
d744d0 |
- V(standard_name_string, "standardName") \
|
|
|
d744d0 |
+ NODE_ENV_STANDARD_NAME_STRING \
|
|
|
d744d0 |
V(start_time_string, "startTime") \
|
|
|
d744d0 |
V(status_string, "status") \
|
|
|
d744d0 |
V(stdio_string, "stdio") \
|
|
|
d744d0 |
diff --git a/src/node_crypto_common.cc b/src/node_crypto_common.cc
|
|
|
b24b2a |
index d1d9edd6cd..a5724a51fe 100644
|
|
|
d744d0 |
--- a/src/node_crypto_common.cc
|
|
|
d744d0 |
+++ b/src/node_crypto_common.cc
|
|
|
d744d0 |
@@ -210,6 +210,7 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
|
|
|
d744d0 |
if (X509* peer_cert = SSL_get_peer_certificate(ssl.get())) {
|
|
|
d744d0 |
X509_free(peer_cert);
|
|
|
d744d0 |
err = SSL_get_verify_result(ssl.get());
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
} else {
|
|
|
d744d0 |
const SSL_CIPHER* curr_cipher = SSL_get_current_cipher(ssl.get());
|
|
|
d744d0 |
const SSL_SESSION* sess = SSL_get_session(ssl.get());
|
|
|
d744d0 |
@@ -221,6 +222,7 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
|
|
|
d744d0 |
SSL_session_reused(ssl.get()))) {
|
|
|
d744d0 |
return X509_V_OK;
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
}
|
|
|
d744d0 |
return err;
|
|
|
d744d0 |
}
|
|
|
d744d0 |
@@ -238,6 +240,7 @@ int UseSNIContext(const SSLPointer& ssl, BaseObjectPtr<SecureContext> context) {
|
|
|
d744d0 |
return err;
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
const char* GetClientHelloALPN(const SSLPointer& ssl) {
|
|
|
d744d0 |
const unsigned char* buf;
|
|
|
d744d0 |
size_t len;
|
|
|
d744d0 |
@@ -284,6 +287,7 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
|
|
|
d744d0 |
return nullptr;
|
|
|
d744d0 |
return reinterpret_cast<const char*>(buf + 5);
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
const char* GetServerName(SSL* ssl) {
|
|
|
d744d0 |
return SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
|
|
b24b2a |
@@ -405,11 +409,13 @@ MaybeLocal<Value> GetCipherName(Environment* env, const SSL_CIPHER* cipher) {
|
|
|
b24b2a |
return GetCipherValue(env, cipher, SSL_CIPHER_get_name);
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
MaybeLocal<Value> GetCipherStandardName(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSL_CIPHER* cipher) {
|
|
|
b24b2a |
return GetCipherValue(env, cipher, SSL_CIPHER_standard_name);
|
|
|
d744d0 |
}
|
|
|
b24b2a |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
b24b2a |
MaybeLocal<Value> GetCipherVersion(Environment* env, const SSL_CIPHER* cipher) {
|
|
|
b24b2a |
return GetCipherValue(env, cipher, SSL_CIPHER_get_version);
|
|
|
b24b2a |
@@ -761,16 +767,19 @@ MaybeLocal<Value> GetCipherName(Environment* env, const SSLPointer& ssl) {
|
|
|
d744d0 |
return GetCipherName(env, SSL_get_current_cipher(ssl.get()));
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
MaybeLocal<Value> GetCipherStandardName(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl) {
|
|
|
d744d0 |
return GetCipherStandardName(env, SSL_get_current_cipher(ssl.get()));
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
MaybeLocal<Value> GetCipherVersion(Environment* env, const SSLPointer& ssl) {
|
|
|
d744d0 |
return GetCipherVersion(env, SSL_get_current_cipher(ssl.get()));
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
MaybeLocal<Array> GetClientHelloCiphers(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl) {
|
|
|
b24b2a |
@@ -803,6 +812,7 @@ MaybeLocal<Array> GetClientHelloCiphers(
|
|
|
d744d0 |
Local<Array> ret = Array::New(env->isolate(), ciphers.out(), count);
|
|
|
d744d0 |
return scope.Escape(ret);
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
|
|
|
d744d0 |
MaybeLocal<Object> GetCipherInfo(Environment* env, const SSLPointer& ssl) {
|
|
|
b24b2a |
@@ -813,10 +823,12 @@ MaybeLocal<Object> GetCipherInfo(Environment* env, const SSLPointer& ssl) {
|
|
|
d744d0 |
info,
|
|
|
d744d0 |
env->name_string(),
|
|
|
d744d0 |
GetCipherName(env, ssl)) ||
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
!Set<Value>(env->context(),
|
|
|
d744d0 |
info,
|
|
|
d744d0 |
env->standard_name_string(),
|
|
|
d744d0 |
GetCipherStandardName(env, ssl)) ||
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
!Set<Value>(env->context(),
|
|
|
d744d0 |
info,
|
|
|
d744d0 |
env->version_string(),
|
|
|
d744d0 |
diff --git a/src/node_crypto_common.h b/src/node_crypto_common.h
|
|
|
d744d0 |
index c373a97e47..220cb109bc 100644
|
|
|
d744d0 |
--- a/src/node_crypto_common.h
|
|
|
d744d0 |
+++ b/src/node_crypto_common.h
|
|
|
d744d0 |
@@ -73,15 +73,19 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
|
|
|
d744d0 |
|
|
|
d744d0 |
int UseSNIContext(const SSLPointer& ssl, BaseObjectPtr<SecureContext> context);
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
const char* GetClientHelloALPN(const SSLPointer& ssl);
|
|
|
d744d0 |
|
|
|
d744d0 |
const char* GetClientHelloServerName(const SSLPointer& ssl);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
const char* GetServerName(SSL* ssl);
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
v8::MaybeLocal<v8::Array> GetClientHelloCiphers(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
bool SetGroups(SecureContext* sc, const char* groups);
|
|
|
d744d0 |
|
|
|
d744d0 |
@@ -97,9 +101,11 @@ v8::MaybeLocal<v8::Value> GetCipherName(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl);
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
v8::MaybeLocal<v8::Value> GetCipherStandardName(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
v8::MaybeLocal<v8::Value> GetCipherVersion(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
diff --git a/src/node_options.cc b/src/node_options.cc
|
|
|
b24b2a |
index 824004631f..6a4431f59b 100644
|
|
|
d744d0 |
--- a/src/node_options.cc
|
|
|
d744d0 |
+++ b/src/node_options.cc
|
|
|
d744d0 |
@@ -9,6 +9,8 @@
|
|
|
d744d0 |
#include <sstream>
|
|
|
d744d0 |
#include <cstdlib> // strtoul, errno
|
|
|
d744d0 |
|
|
|
d744d0 |
+#include <node-ssl-shim/features.h>
|
|
|
d744d0 |
+
|
|
|
d744d0 |
using v8::Boolean;
|
|
|
d744d0 |
using v8::Context;
|
|
|
d744d0 |
using v8::FunctionCallbackInfo;
|
|
|
d744d0 |
@@ -128,10 +130,12 @@ void EnvironmentOptions::CheckOptions(std::vector<std::string>* errors) {
|
|
|
d744d0 |
errors->push_back("invalid value for --unhandled-rejections");
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
if (tls_min_v1_3 && tls_max_v1_2) {
|
|
|
d744d0 |
errors->push_back("either --tls-min-v1.3 or --tls-max-v1.2 can be "
|
|
|
d744d0 |
"used, not both");
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
#if HAVE_INSPECTOR
|
|
|
d744d0 |
if (!cpu_prof) {
|
|
|
b24b2a |
@@ -541,14 +545,17 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
|
|
|
d744d0 |
"set default TLS minimum to TLSv1.2 (default: TLSv1.2)",
|
|
|
d744d0 |
&EnvironmentOptions::tls_min_v1_2,
|
|
|
d744d0 |
kAllowedInEnvironment);
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
AddOption("--tls-min-v1.3",
|
|
|
d744d0 |
"set default TLS minimum to TLSv1.3 (default: TLSv1.2)",
|
|
|
d744d0 |
&EnvironmentOptions::tls_min_v1_3,
|
|
|
d744d0 |
kAllowedInEnvironment);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
AddOption("--tls-max-v1.2",
|
|
|
d744d0 |
- "set default TLS maximum to TLSv1.2 (default: TLSv1.3)",
|
|
|
d744d0 |
+ "set default TLS maximum to TLSv1.2 (default: TLSv1.2)",
|
|
|
d744d0 |
&EnvironmentOptions::tls_max_v1_2,
|
|
|
d744d0 |
kAllowedInEnvironment);
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
// Current plan is:
|
|
|
d744d0 |
// - 11.x and below: TLS1.3 is opt-in with --tls-max-v1.3
|
|
|
d744d0 |
// - 12.x: TLS1.3 is opt-out with --tls-max-v1.2
|
|
|
b24b2a |
@@ -557,6 +564,7 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
|
|
|
d744d0 |
"set default TLS maximum to TLSv1.3 (default: TLSv1.3)",
|
|
|
d744d0 |
&EnvironmentOptions::tls_max_v1_3,
|
|
|
d744d0 |
kAllowedInEnvironment);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
PerIsolateOptionsParser::PerIsolateOptionsParser(
|
|
|
d744d0 |
diff --git a/test/parallel/test-tls-cli-max-version-1.3.js b/test/known_issues/test-tls-cli-max-version-1.3.js
|
|
|
d744d0 |
similarity index 100%
|
|
|
d744d0 |
rename from test/parallel/test-tls-cli-max-version-1.3.js
|
|
|
d744d0 |
rename to test/known_issues/test-tls-cli-max-version-1.3.js
|
|
|
d744d0 |
diff --git a/test/parallel/test-tls-cli-min-max-conflict.js b/test/known_issues/test-tls-cli-min-max-conflict.js
|
|
|
d744d0 |
similarity index 100%
|
|
|
d744d0 |
rename from test/parallel/test-tls-cli-min-max-conflict.js
|
|
|
d744d0 |
rename to test/known_issues/test-tls-cli-min-max-conflict.js
|
|
|
d744d0 |
diff --git a/test/parallel/test-tls-cli-min-version-1.3.js b/test/known_issues/test-tls-cli-min-version-1.3.js
|
|
|
d744d0 |
similarity index 100%
|
|
|
d744d0 |
rename from test/parallel/test-tls-cli-min-version-1.3.js
|
|
|
d744d0 |
rename to test/known_issues/test-tls-cli-min-version-1.3.js
|
|
|
d744d0 |
--
|
|
|
b24b2a |
2.28.0
|
|
|
d744d0 |
|