author | Sam Roberts <vieuxtech@gmail.com> | 2019-05-01 12:51:44 -0700 |
---|---|---|
committer | Michaƫl Zasso <targos@protonmail.com> | 2019-05-04 09:20:23 +0200 |
commit | 7bbf95109567bfbf75b655e4c81679e914c3c036 (patch) | |
tree | 8b1ad5d07d9e106eaab7112ca7fd82cf64419408 | |
parent | 014a9fd46fb312816422bb56326bae81187abf15 (diff) | |
tls: disallow conflicting TLS protocol options
Do not allow the minimum protocol level to be set higher than the max
protocol level.
See: https://github.com/nodejs/node/pull/26951, 109c097797b
PR-URL: https://github.com/nodejs/node/pull/27521
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
-rw-r--r-- | src/node_options.cc | 5 | ||||
-rw-r--r-- | test/parallel/test-tls-cli-min-max-conflict.js | 14 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/node_options.cc b/src/node_options.cc
index 552997e58c..b2f14d2056 100644
--- a/src/node_options.cc
+++ b/src/node_options.cc
@@ -148,6 +148,11 @@ void EnvironmentOptions::CheckOptions(std::vector<std::string>* errors) {
 errors->push_back("invalid value for --unhandled-rejections");
 }
+ if (tls_min_v1_3 && tls_max_v1_2) {
+ errors->push_back("either --tls-min-v1.3 or --tls-max-v1.2 can be "
+ "used, not both");
+ }
+
 #if HAVE_INSPECTOR
 if (!cpu_prof) {
 if (!cpu_prof_name.empty()) {
diff --git a/test/parallel/test-tls-cli-min-max-conflict.js b/test/parallel/test-tls-cli-min-max-conflict.js
new file mode 100644
index 0000000000..68aae4c635
--- /dev/null
+++ b/test/parallel/test-tls-cli-min-max-conflict.js
@@ -0,0 +1,14 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) common.skip('missing crypto');
+
+// Check that conflicting TLS protocol versions are not allowed
+
+const assert = require('assert');
+const child_process = require('child_process');
+
+const args = ['--tls-min-v1.3', '--tls-max-v1.2', '-p', 'process.version'];
+child_process.execFile(process.argv[0], args, (err) => {
+ assert(err);
+ assert(/not both/.test(err.message));
+}); |
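Review bot: The new guard in `EnvironmentOptions::CheckOptions` is hard-wired to one pair of booleans, `tls_min_v1_3 && tls_max_v1_2`, and has no comment stating the invariant it protects. I would add above it `// The minimum TLS version must not exceed the maximum: reject the pair instead of letting one flag silently override the other.` so that anyone adding another `--tls-min-*` or `--tls-max-*` flag knows to extend the check. The hunk does not show whether the same ordering is enforced when the versions are set through the runtime API rather than the command line, so that path is worth confirming separately. The body of `CheckOptions` starts before and continues past this hunk.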
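Review bot: The `execFile` callback in the new test is not wrapped in `common.mustCall`, so if the callback is never invoked the two assertions never run and the test still passes. Wrapping it, `child_process.execFile(process.argv[0], args, common.mustCall((err) => {` with a closing `}));`, turns a missing callback into a failure. It would also be worth taking the `stdout` argument and asserting it is empty, which confirms that the `-p` expression was never evaluated under the conflicting settings.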