|
 |
d744d0 |
From a081a5fc3d039d1863fed4b0aa07cdbc27f92dc3 Mon Sep 17 00:00:00 2001
|
|
|
d744d0 |
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
|
|
|
d744d0 |
Date: Fri, 2 Oct 2020 13:01:37 +0200
|
|
|
d744d0 |
Subject: [PATCH] Disable unsupported OpenSSL features
|
|
|
d744d0 |
MIME-Version: 1.0
|
|
|
d744d0 |
Content-Type: text/plain; charset=UTF-8
|
|
|
d744d0 |
Content-Transfer-Encoding: 8bit
|
|
|
d744d0 |
|
|
|
d744d0 |
- Disable no-certificate PSK authentication
|
|
|
d744d0 |
|
|
|
d744d0 |
There is no obvious way to reimplement it using only OpenSSL 1.0 public APIs.
|
|
|
d744d0 |
|
|
|
d744d0 |
- Disable queries for standard cipher name
|
|
|
d744d0 |
|
|
|
d744d0 |
OpenSSL 1.0 does not record said names.
|
|
|
d744d0 |
|
|
|
d744d0 |
- Remove ClientHello getters
|
|
|
d744d0 |
|
|
|
d744d0 |
The disabled functions internally use
|
|
|
d744d0 |
`SSL_client_hello_get0_ext`/`SSL_client_hello_get0_ciphers`,
|
|
|
d744d0 |
which are not available on legacy OpenSSL.
|
|
|
d744d0 |
There may be another way to get to the same data,
|
|
|
d744d0 |
but nothing jumps out in the OpenSSL 1.0.2 documentation.
|
|
|
d744d0 |
|
|
|
d744d0 |
- Remove TLSv1.3 CLI options
|
|
|
d744d0 |
|
|
|
d744d0 |
Signed-off-by: Jan Staněk <jstanek@redhat.com>
|
|
|
d744d0 |
---
|
|
|
d744d0 |
doc/api/cli.md | 18 ------------------
|
|
|
d744d0 |
doc/api/tls.md | 15 +++++++--------
|
|
|
d744d0 |
src/env.h | 11 ++++++++++-
|
|
|
d744d0 |
src/node_crypto_common.cc | 12 ++++++++++++
|
|
|
d744d0 |
src/node_crypto_common.h | 6 ++++++
|
|
|
d744d0 |
src/node_options.cc | 10 +++++++++-
|
|
|
d744d0 |
.../test-tls-cli-max-version-1.3.js | 0
|
|
|
d744d0 |
.../test-tls-cli-min-max-conflict.js | 0
|
|
|
d744d0 |
.../test-tls-cli-min-version-1.3.js | 0
|
|
|
d744d0 |
9 files changed, 44 insertions(+), 28 deletions(-)
|
|
|
d744d0 |
rename test/{parallel => known_issues}/test-tls-cli-max-version-1.3.js (100%)
|
|
|
d744d0 |
rename test/{parallel => known_issues}/test-tls-cli-min-max-conflict.js (100%)
|
|
|
d744d0 |
rename test/{parallel => known_issues}/test-tls-cli-min-version-1.3.js (100%)
|
|
|
d744d0 |
|
|
|
d744d0 |
diff --git a/doc/api/cli.md b/doc/api/cli.md
|
|
|
d744d0 |
index 27ab46d555..60fcf6b592 100644
|
|
|
d744d0 |
--- a/doc/api/cli.md
|
|
|
d744d0 |
+++ b/doc/api/cli.md
|
|
|
d744d0 |
@@ -770,14 +770,6 @@ added: v12.0.0
|
|
|
d744d0 |
Set [`tls.DEFAULT_MAX_VERSION`][] to 'TLSv1.2'. Use to disable support for
|
|
|
d744d0 |
TLSv1.3.
|
|
|
d744d0 |
|
|
|
d744d0 |
-### `--tls-max-v1.3`
|
|
|
d744d0 |
-
|
|
|
d744d0 |
-added: v12.0.0
|
|
|
d744d0 |
--->
|
|
|
d744d0 |
-
|
|
|
d744d0 |
-Set default [`tls.DEFAULT_MAX_VERSION`][] to 'TLSv1.3'. Use to enable support
|
|
|
d744d0 |
-for TLSv1.3.
|
|
|
d744d0 |
-
|
|
|
d744d0 |
### `--tls-min-v1.0`
|
|
|
d744d0 |
|
|
|
d744d0 |
added: v12.0.0
|
|
|
d744d0 |
@@ -803,14 +795,6 @@ Set default [`tls.DEFAULT_MIN_VERSION`][] to 'TLSv1.2'. This is the default for
|
|
|
d744d0 |
12.x and later, but the option is supported for compatibility with older Node.js
|
|
|
d744d0 |
versions.
|
|
|
d744d0 |
|
|
|
d744d0 |
-### `--tls-min-v1.3`
|
|
|
d744d0 |
-
|
|
|
d744d0 |
-added: v12.0.0
|
|
|
d744d0 |
--->
|
|
|
d744d0 |
-
|
|
|
d744d0 |
-Set default [`tls.DEFAULT_MIN_VERSION`][] to 'TLSv1.3'. Use to disable support
|
|
|
d744d0 |
-for TLSv1.2, which is not as secure as TLSv1.3.
|
|
|
d744d0 |
-
|
|
|
d744d0 |
### `--trace-deprecation`
|
|
|
d744d0 |
|
|
|
d744d0 |
added: v0.8.0
|
|
|
d744d0 |
@@ -1192,11 +1176,9 @@ Node.js options that are allowed are:
|
|
|
d744d0 |
* `--tls-cipher-list`
|
|
|
d744d0 |
* `--tls-keylog`
|
|
|
d744d0 |
* `--tls-max-v1.2`
|
|
|
d744d0 |
-* `--tls-max-v1.3`
|
|
|
d744d0 |
* `--tls-min-v1.0`
|
|
|
d744d0 |
* `--tls-min-v1.1`
|
|
|
d744d0 |
* `--tls-min-v1.2`
|
|
|
d744d0 |
-* `--tls-min-v1.3`
|
|
|
d744d0 |
* `--trace-deprecation`
|
|
|
d744d0 |
* `--trace-event-categories`
|
|
|
d744d0 |
* `--trace-event-file-pattern`
|
|
|
d744d0 |
diff --git a/doc/api/tls.md b/doc/api/tls.md
|
|
|
d744d0 |
index 41f99c91c8..57bef67b29 100644
|
|
|
d744d0 |
--- a/doc/api/tls.md
|
|
|
d744d0 |
+++ b/doc/api/tls.md
|
|
|
d744d0 |
@@ -1810,10 +1810,10 @@ added: v11.4.0
|
|
|
d744d0 |
|
|
|
d744d0 |
* {string} The default value of the `maxVersion` option of
|
|
|
d744d0 |
[`tls.createSecureContext()`][]. It can be assigned any of the supported TLS
|
|
|
d744d0 |
- protocol versions, `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`.
|
|
|
d744d0 |
- **Default:** `'TLSv1.3'`, unless changed using CLI options. Using
|
|
|
d744d0 |
- `--tls-max-v1.2` sets the default to `'TLSv1.2'`. Using `--tls-max-v1.3` sets
|
|
|
d744d0 |
- the default to `'TLSv1.3'`. If multiple of the options are provided, the
|
|
|
d744d0 |
+ protocol versions, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`.
|
|
|
d744d0 |
+ **Default:** `'TLSv1.2'`, unless changed using CLI options. Using
|
|
|
d744d0 |
+ `--tls-max-v1.2` sets the default to `'TLSv1.2'`.
|
|
|
d744d0 |
+ If multiple of the options are provided, the
|
|
|
d744d0 |
highest maximum is used.
|
|
|
d744d0 |
|
|
|
d744d0 |
## `tls.DEFAULT_MIN_VERSION`
|
|
|
d744d0 |
@@ -1823,12 +1823,11 @@ added: v11.4.0
|
|
|
d744d0 |
|
|
|
d744d0 |
* {string} The default value of the `minVersion` option of
|
|
|
d744d0 |
[`tls.createSecureContext()`][]. It can be assigned any of the supported TLS
|
|
|
d744d0 |
- protocol versions, `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`.
|
|
|
d744d0 |
+ protocol versions, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`.
|
|
|
d744d0 |
**Default:** `'TLSv1.2'`, unless changed using CLI options. Using
|
|
|
d744d0 |
`--tls-min-v1.0` sets the default to `'TLSv1'`. Using `--tls-min-v1.1` sets
|
|
|
d744d0 |
- the default to `'TLSv1.1'`. Using `--tls-min-v1.3` sets the default to
|
|
|
d744d0 |
- `'TLSv1.3'`. If multiple of the options are provided, the lowest minimum is
|
|
|
d744d0 |
- used.
|
|
|
d744d0 |
+ the default to `'TLSv1.1'`. If multiple of the options are provided,
|
|
|
d744d0 |
+ the lowest minimum is used.
|
|
|
d744d0 |
|
|
|
d744d0 |
## Deprecated APIs
|
|
|
d744d0 |
|
|
|
d744d0 |
diff --git a/src/env.h b/src/env.h
|
|
|
d744d0 |
index d22b579b25..52076eb141 100644
|
|
|
d744d0 |
--- a/src/env.h
|
|
|
d744d0 |
+++ b/src/env.h
|
|
|
d744d0 |
@@ -51,6 +51,8 @@
|
|
|
d744d0 |
#include <unordered_set>
|
|
|
d744d0 |
#include <vector>
|
|
|
d744d0 |
|
|
|
d744d0 |
+#include <node-ssl-shim/ssl-shim.h>
|
|
|
d744d0 |
+
|
|
|
d744d0 |
struct nghttp2_rcbuf;
|
|
|
d744d0 |
|
|
|
d744d0 |
namespace node {
|
|
|
d744d0 |
@@ -148,6 +150,13 @@ constexpr size_t kFsStatsBufferLength =
|
|
|
d744d0 |
// Make sure that any macro V defined for use with the PER_ISOLATE_* macros is
|
|
|
d744d0 |
// undefined again after use.
|
|
|
d744d0 |
|
|
|
d744d0 |
+// Some symbols/strings are not defined when using legacy OpenSSL
|
|
|
d744d0 |
+#if OPENSSL_IS_LEGACY
|
|
|
d744d0 |
+# define NODE_ENV_STANDARD_NAME_STRING
|
|
|
d744d0 |
+#else // OPENSSL_IS_LEGACY
|
|
|
d744d0 |
+# define NODE_ENV_STANDARD_NAME_STRING V(standard_name_string, "standardName")
|
|
|
d744d0 |
+#endif // OPENSSL_IS_LEGACY
|
|
|
d744d0 |
+
|
|
|
d744d0 |
// Private symbols are per-isolate primitives but Environment proxies them
|
|
|
d744d0 |
// for the sake of convenience. Strings should be ASCII-only and have a
|
|
|
d744d0 |
// "node:" prefix to avoid name clashes with third-party code.
|
|
|
d744d0 |
@@ -359,7 +368,7 @@ constexpr size_t kFsStatsBufferLength =
|
|
|
d744d0 |
V(sni_context_string, "sni_context") \
|
|
|
d744d0 |
V(source_string, "source") \
|
|
|
d744d0 |
V(stack_string, "stack") \
|
|
|
d744d0 |
- V(standard_name_string, "standardName") \
|
|
|
d744d0 |
+ NODE_ENV_STANDARD_NAME_STRING \
|
|
|
d744d0 |
V(start_time_string, "startTime") \
|
|
|
d744d0 |
V(status_string, "status") \
|
|
|
d744d0 |
V(stdio_string, "stdio") \
|
|
|
d744d0 |
diff --git a/src/node_crypto_common.cc b/src/node_crypto_common.cc
|
|
|
d744d0 |
index 3b35ee1ff7..e253d1445b 100644
|
|
|
d744d0 |
--- a/src/node_crypto_common.cc
|
|
|
d744d0 |
+++ b/src/node_crypto_common.cc
|
|
|
d744d0 |
@@ -210,6 +210,7 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
|
|
|
d744d0 |
if (X509* peer_cert = SSL_get_peer_certificate(ssl.get())) {
|
|
|
d744d0 |
X509_free(peer_cert);
|
|
|
d744d0 |
err = SSL_get_verify_result(ssl.get());
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
} else {
|
|
|
d744d0 |
const SSL_CIPHER* curr_cipher = SSL_get_current_cipher(ssl.get());
|
|
|
d744d0 |
const SSL_SESSION* sess = SSL_get_session(ssl.get());
|
|
|
d744d0 |
@@ -221,6 +222,7 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
|
|
|
d744d0 |
SSL_session_reused(ssl.get()))) {
|
|
|
d744d0 |
return X509_V_OK;
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
}
|
|
|
d744d0 |
return err;
|
|
|
d744d0 |
}
|
|
|
d744d0 |
@@ -238,6 +240,7 @@ int UseSNIContext(const SSLPointer& ssl, BaseObjectPtr<SecureContext> context) {
|
|
|
d744d0 |
return err;
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
const char* GetClientHelloALPN(const SSLPointer& ssl) {
|
|
|
d744d0 |
const unsigned char* buf;
|
|
|
d744d0 |
size_t len;
|
|
|
d744d0 |
@@ -284,6 +287,7 @@ const char* GetClientHelloServerName(const SSLPointer& ssl) {
|
|
|
d744d0 |
return nullptr;
|
|
|
d744d0 |
return reinterpret_cast<const char*>(buf + 5);
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
const char* GetServerName(SSL* ssl) {
|
|
|
d744d0 |
return SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
|
|
d744d0 |
@@ -394,6 +398,7 @@ MaybeLocal<Value> GetCipherName(
|
|
|
d744d0 |
return OneByteString(env->isolate(), SSL_CIPHER_get_name(cipher));
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
MaybeLocal<Value> GetCipherStandardName(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSL_CIPHER* cipher) {
|
|
|
d744d0 |
@@ -402,6 +407,7 @@ MaybeLocal<Value> GetCipherStandardName(
|
|
|
d744d0 |
|
|
|
d744d0 |
return OneByteString(env->isolate(), SSL_CIPHER_standard_name(cipher));
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
MaybeLocal<Value> GetCipherVersion(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
@@ -758,16 +764,19 @@ MaybeLocal<Value> GetCipherName(Environment* env, const SSLPointer& ssl) {
|
|
|
d744d0 |
return GetCipherName(env, SSL_get_current_cipher(ssl.get()));
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
MaybeLocal<Value> GetCipherStandardName(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl) {
|
|
|
d744d0 |
return GetCipherStandardName(env, SSL_get_current_cipher(ssl.get()));
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
MaybeLocal<Value> GetCipherVersion(Environment* env, const SSLPointer& ssl) {
|
|
|
d744d0 |
return GetCipherVersion(env, SSL_get_current_cipher(ssl.get()));
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
MaybeLocal<Array> GetClientHelloCiphers(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl) {
|
|
|
d744d0 |
@@ -800,6 +809,7 @@ MaybeLocal<Array> GetClientHelloCiphers(
|
|
|
d744d0 |
Local<Array> ret = Array::New(env->isolate(), ciphers.out(), count);
|
|
|
d744d0 |
return scope.Escape(ret);
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
|
|
|
d744d0 |
MaybeLocal<Object> GetCipherInfo(Environment* env, const SSLPointer& ssl) {
|
|
|
d744d0 |
@@ -810,10 +820,12 @@ MaybeLocal<Object> GetCipherInfo(Environment* env, const SSLPointer& ssl) {
|
|
|
d744d0 |
info,
|
|
|
d744d0 |
env->name_string(),
|
|
|
d744d0 |
GetCipherName(env, ssl)) ||
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
!Set<Value>(env->context(),
|
|
|
d744d0 |
info,
|
|
|
d744d0 |
env->standard_name_string(),
|
|
|
d744d0 |
GetCipherStandardName(env, ssl)) ||
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
!Set<Value>(env->context(),
|
|
|
d744d0 |
info,
|
|
|
d744d0 |
env->version_string(),
|
|
|
d744d0 |
diff --git a/src/node_crypto_common.h b/src/node_crypto_common.h
|
|
|
d744d0 |
index c373a97e47..220cb109bc 100644
|
|
|
d744d0 |
--- a/src/node_crypto_common.h
|
|
|
d744d0 |
+++ b/src/node_crypto_common.h
|
|
|
d744d0 |
@@ -73,15 +73,19 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
|
|
|
d744d0 |
|
|
|
d744d0 |
int UseSNIContext(const SSLPointer& ssl, BaseObjectPtr<SecureContext> context);
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
const char* GetClientHelloALPN(const SSLPointer& ssl);
|
|
|
d744d0 |
|
|
|
d744d0 |
const char* GetClientHelloServerName(const SSLPointer& ssl);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
const char* GetServerName(SSL* ssl);
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
v8::MaybeLocal<v8::Array> GetClientHelloCiphers(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
bool SetGroups(SecureContext* sc, const char* groups);
|
|
|
d744d0 |
|
|
|
d744d0 |
@@ -97,9 +101,11 @@ v8::MaybeLocal<v8::Value> GetCipherName(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl);
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
v8::MaybeLocal<v8::Value> GetCipherStandardName(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
const SSLPointer& ssl);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
v8::MaybeLocal<v8::Value> GetCipherVersion(
|
|
|
d744d0 |
Environment* env,
|
|
|
d744d0 |
diff --git a/src/node_options.cc b/src/node_options.cc
|
|
|
d744d0 |
index 047237a31e..1e4f5173a1 100644
|
|
|
d744d0 |
--- a/src/node_options.cc
|
|
|
d744d0 |
+++ b/src/node_options.cc
|
|
|
d744d0 |
@@ -9,6 +9,8 @@
|
|
|
d744d0 |
#include <sstream>
|
|
|
d744d0 |
#include <cstdlib> // strtoul, errno
|
|
|
d744d0 |
|
|
|
d744d0 |
+#include <node-ssl-shim/features.h>
|
|
|
d744d0 |
+
|
|
|
d744d0 |
using v8::Boolean;
|
|
|
d744d0 |
using v8::Context;
|
|
|
d744d0 |
using v8::FunctionCallbackInfo;
|
|
|
d744d0 |
@@ -128,10 +130,12 @@ void EnvironmentOptions::CheckOptions(std::vector<std::string>* errors) {
|
|
|
d744d0 |
errors->push_back("invalid value for --unhandled-rejections");
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
if (tls_min_v1_3 && tls_max_v1_2) {
|
|
|
d744d0 |
errors->push_back("either --tls-min-v1.3 or --tls-max-v1.2 can be "
|
|
|
d744d0 |
"used, not both");
|
|
|
d744d0 |
}
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
|
|
|
d744d0 |
#if HAVE_INSPECTOR
|
|
|
d744d0 |
if (!cpu_prof) {
|
|
|
d744d0 |
@@ -523,14 +527,17 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
|
|
|
d744d0 |
"set default TLS minimum to TLSv1.2 (default: TLSv1.2)",
|
|
|
d744d0 |
&EnvironmentOptions::tls_min_v1_2,
|
|
|
d744d0 |
kAllowedInEnvironment);
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
AddOption("--tls-min-v1.3",
|
|
|
d744d0 |
"set default TLS minimum to TLSv1.3 (default: TLSv1.2)",
|
|
|
d744d0 |
&EnvironmentOptions::tls_min_v1_3,
|
|
|
d744d0 |
kAllowedInEnvironment);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
AddOption("--tls-max-v1.2",
|
|
|
d744d0 |
- "set default TLS maximum to TLSv1.2 (default: TLSv1.3)",
|
|
|
d744d0 |
+ "set default TLS maximum to TLSv1.2 (default: TLSv1.2)",
|
|
|
d744d0 |
&EnvironmentOptions::tls_max_v1_2,
|
|
|
d744d0 |
kAllowedInEnvironment);
|
|
|
d744d0 |
+#if !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
// Current plan is:
|
|
|
d744d0 |
// - 11.x and below: TLS1.3 is opt-in with --tls-max-v1.3
|
|
|
d744d0 |
// - 12.x: TLS1.3 is opt-out with --tls-max-v1.2
|
|
|
d744d0 |
@@ -539,6 +546,7 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
|
|
|
d744d0 |
"set default TLS maximum to TLSv1.3 (default: TLSv1.3)",
|
|
|
d744d0 |
&EnvironmentOptions::tls_max_v1_3,
|
|
|
d744d0 |
kAllowedInEnvironment);
|
|
|
d744d0 |
+#endif // !OPENSSL_IS_LEGACY
|
|
|
d744d0 |
}
|
|
|
d744d0 |
|
|
|
d744d0 |
PerIsolateOptionsParser::PerIsolateOptionsParser(
|
|
|
d744d0 |
diff --git a/test/parallel/test-tls-cli-max-version-1.3.js b/test/known_issues/test-tls-cli-max-version-1.3.js
|
|
|
d744d0 |
similarity index 100%
|
|
|
d744d0 |
rename from test/parallel/test-tls-cli-max-version-1.3.js
|
|
|
d744d0 |
rename to test/known_issues/test-tls-cli-max-version-1.3.js
|
|
|
d744d0 |
diff --git a/test/parallel/test-tls-cli-min-max-conflict.js b/test/known_issues/test-tls-cli-min-max-conflict.js
|
|
|
d744d0 |
similarity index 100%
|
|
|
d744d0 |
rename from test/parallel/test-tls-cli-min-max-conflict.js
|
|
|
d744d0 |
rename to test/known_issues/test-tls-cli-min-max-conflict.js
|
|
|
d744d0 |
diff --git a/test/parallel/test-tls-cli-min-version-1.3.js b/test/known_issues/test-tls-cli-min-version-1.3.js
|
|
|
d744d0 |
similarity index 100%
|
|
|
d744d0 |
rename from test/parallel/test-tls-cli-min-version-1.3.js
|
|
|
d744d0 |
rename to test/known_issues/test-tls-cli-min-version-1.3.js
|
|
|
d744d0 |
--
|
|
|
d744d0 |
2.26.2
|
|
|
d744d0 |
|