Throw an exception in the tls.Server constructor when the options object
doesn't contain either a PFX or a key/certificate combo.
Said change exposed a bug in simple/test-tls-junk-closes-server. Addressed.
Fixes#3941.
Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA
to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
in order to mitigate BEAST attacks.
The documentation suggested AES256-SHA but unfortunately that's a CBC cipher
and therefore susceptible to attacks.
Fixes#3900.
Commit 4e5fe2d changed the way how process.nextTick() works:
process.nextTick(function foo() {
process.nextTick(function bar() {
// ...
});
});
Before said commit, foo() and bar() used to run on separate event loop ticks
but that is no longer the case.
However, that's exactly the behavior that the TLS renegotiation attack guard
relies on. It gets called by OpenSSL and needs to defer the 'error' event to a
later tick because the default action is to destroy the TLS context - the same
context that OpenSSL currently operates on.
When things change underneath your feet, bad things happen and OpenSSL is no
exception. Ergo, use setImmediate() instead of process.nextTick() to ensure
that the 'error' event is actually emitted at a later tick.
Fixes#3840.
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.
Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
- fix crash calling ClientRequest::setKeepAlive if the underlying request is
HTTPS.
- fix discarding of callback parameter when calling ClientRequest::setTimeout on
HTTPS requests.
- fix discarding of noDelay parameter when calling ClientRequest::setNoDelay on
HTTPS requests.
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.
To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
Previous API used form:
tls.connect(443, "google.com", options, ...)
now it's replaced with:
tls.connect({port: 443, host: "google.com", ...}, ...)
It simplifies argument parsing in `tls.connect` and makes the API
consistent with other parts.
Fixes#1983.
