tls: handle `ssl.start()` errors

2 files changed, 29 insertions, 0 deletions

diff --git a/lib/tls.js b/lib/tls.js
index f575bd69df..2077b8f5c6 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -940,6 +940,10 @@ function SecurePair(credentials, isServer, requestCert, rejectUnauthorized,
     /* The Connection may be destroyed by an abort call */
     if (self.ssl) {
       self.ssl.start();
+
+      /* In case of cipher suite failures - SSL_accept/SSL_connect may fail */
+      if (self.ssl && self.ssl.error)
+        self.error();
     }
   });
 }
diff --git a/test/simple/test-tls-connect.js b/test/simple/test-tls-connect.js
index fe2d17ff2f..616f76c05c 100644
--- a/test/simple/test-tls-connect.js
+++ b/test/simple/test-tls-connect.js
@@ -50,3 +50,28 @@ var path = require('path');
     errorEmitted = true;
   });
 })();
+
+// SSL_accept/SSL_connect error handling
+(function() {
+  var cert = fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'));
+  var key = fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem'));
+
+  var errorEmitted = false;
+
+  process.on('exit', function() {
+    assert.ok(errorEmitted);
+  });
+
+  var conn = tls.connect({
+    cert: cert,
+    key: key,
+    port: common.PORT,
+    ciphers: 'rick-128-roll'
+  }, function() {
+    assert.ok(false); // callback should never be executed
+  });
+
+  conn.on('error', function() {
+    errorEmitted = true;
+  });
+})();