path: root/lib/tls.js
Age | Commit message | Author | Files | Lines
2012-09-25 | tls: lint | isaacs | 1 | -1/+1
cc @indutny >_<
2012-09-25 | tls: use slab allocator | Fedor Indutny | 1 | -17/+48
2012-08-31 | tls: support unix domain socket/named pipe in tls.connect | Shigeki Ohtsu | 1 | -27/+18
2012-08-22 | lint | isaacs | 1 | -1/+1
2012-08-21 | tls: update default cipher list | Ben Noordhuis | 1 | -1/+4
Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH in order to mitigate BEAST attacks. The documentation suggested AES256-SHA but unfortunately that's a CBC cipher and therefore susceptible to attacks. Fixes #3900.
2012-08-12 | tls: handle multiple CN fields when verifying cert | Ben Noordhuis | 1 | -1/+8
Fixes #3861.
2012-07-20 | tls: pass linting | Fedor Indutny | 1 | -7/+6
2012-07-20 | tls: fix 'hostless' tls connection verification | Fedor Indutny | 1 | -1/+1
And fix last failing tests
2012-07-20 | tls: revert accidental API change | Fedor Indutny | 1 | -1/+1
socket.authorizationError should always be string. Also make sni test pass.
2012-07-20 | tls: localhost is valid against identity-check | Fedor Indutny | 1 | -4/+0
2012-07-20 | tls: verify server's identity | Fedor Indutny | 1 | -3/+108
2012-07-06 | Inline timeout function, avoiding declaration in conditional | Jonas Westerlund | 1 | -3/+2
Moving it out would require an anonymous function, or bind(), anyway. Luckily it's a tiny function. Fixes crash in strict mode.
2012-06-18 | tls: fix off-by-one error in renegotiation check | Ben Noordhuis | 1 | -3/+2
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it.
2012-06-15 | domain: the EventEmitter constructor is now always called in nodecore | Andreas Madsen | 1 | -3/+3
2012-05-15 | lint | isaacs | 1 | -1/+1
2012-05-15 | Merge remote-tracking branch 'ry/v0.6' into v0.6-merge | isaacs | 1 | -0/+2
Conflicts: ChangeLog deps/uv/include/uv-private/uv-unix.h deps/uv/src/unix/core.c deps/uv/src/unix/sunos.c deps/v8/src/runtime.cc doc/api/crypto.markdown lib/http.js src/node_version.h test/gc/test-http-client-timeout.js wscript
2012-05-14 | crypto: add PKCS12/PFX support | ssuda | 1 | -0/+2
Fixes #2845.
2012-04-16 | tls: remove duplicate line | fukayatsu | 1 | -1/+0
2012-03-29 | tls: reduce memory overhead, reuse buffer | Yosef Dinerstein | 1 | -7/+15
Instead of allocating a new 64KB buffer each time when checking if there is something to transform, continue to use the same buffer. Once the buffer is exhausted, allocate a new buffer. This solves the problem of huge allocations when small fragments of data are processed, but will also continue to work well with big pieces of data.
2012-03-23 | tls: fix CryptoStream.setKeepAlive() | Shigeki Ohtsu | 1 | -1/+1
2012-03-10 | tls: parsing multiple values of a key in ssl certificate | ssuda | 1 | -1/+8
Fixes #2864.
2012-03-06 | net, http, https: add localAddress option | Dmitry Nizovtsev | 1 | -1/+5
Binds to a local address before making the outgoing connection.
2012-03-03 | lint | isaacs | 1 | -1/+3
2012-03-03 | tls: proxy set(Timeout|NoDelay|KeepAlive) methods | Jimb Esser | 1 | -4/+9
- fix crash calling ClientRequest::setKeepAlive if the underlying request is HTTPS.
- fix discarding of callback parameter when calling ClientRequest::setTimeout on HTTPS requests.
- fix discarding of noDelay parameter when calling ClientRequest::setNoDelay on HTTPS requests.
2012-02-29 | tls: add `honorCipherOrder` option to tls.createServer() | Blake Miner | 1 | -1/+4
Documented how to mitigate BEAST attacks.
2012-02-20 | tls http https: don't pollute user's `options` object | Maciej Małecki | 1 | -6/+8
2012-02-18 | Lint all the JavaScripts. | isaacs | 1 | -2/+3
2012-02-18 | Merge remote-tracking branch 'ry/v0.6' into v0.6-merge | isaacs | 1 | -15/+65
Conflicts: AUTHORS ChangeLog Makefile doc/about/index.html doc/api/tls.markdown doc/community/index.html doc/index.html doc/logos/index.html doc/template.html lib/http.js lib/tls.js src/node_version.h src/platform_win32.cc test/simple/test-tls-connect-given-socket.js
2012-02-16 | tls: mitigate session renegotiation attacks | Ben Noordhuis | 1 | -0/+52
The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded.
2012-02-14 | tls: Allow establishing secure connection on the existing socket | koichik | 1 | -2/+4
2012-01-24 | net, tls, http: remove socket.ondrain | Ben Noordhuis | 1 | -3/+0
Replace the ondrain hack with a regular 'drain' listener. Speeds up the bytes/1024 http benchmark by about 1.2%.
2012-01-24 | Merge branch 'v0.6' | Fedor Indutny | 1 | -9/+10
Conflicts: ChangeLog doc/template.html lib/cluster.js lib/http.js lib/tls.js src/node.h src/node_version.h test/simple/test-cluster-kill-workers.js
2012-01-17 | tls: fix double 'error' events on HTTPS Requests | koichik | 1 | -10/+11
Fixes #2549.
2012-01-09 | tls: Allow establishing secure connection on the existing socket | koichik | 1 | -2/+4
This is necessary to use SSL over HTTP tunnels. Refs #2259, #2474. Fixes #2489.
2012-01-08 | tls: make `tls.connect` accept port and host in `options` | Maciej Małecki | 1 | -20/+27
Previous API used form: tls.connect(443, "google.com", options, ...) now it's replaced with: tls.connect({port: 443, host: "google.com", ...}, ...) It simplifies argument parsing in `tls.connect` and makes the API consistent with other parts. Fixes #1983.
2011-12-27 | tls: fix test-https-client-reject fails | koichik | 1 | -18/+20
Fixes #2417.
2011-12-21 | Merge remote branch 'origin/v0.6' | Ryan Dahl | 1 | -1/+15
Conflicts: Makefile lib/_debugger.js
2011-12-21 | tls: Fix node swallows openssl error on request | koichik | 1 | -0/+15
Fixes #2308. Fixes #2246.
2011-12-21 | tls: remove duplicate assignment | Ben Noordhuis | 1 | -1/+0
2011-12-07 | tls: enable rejectUnauthorized option to client | koichik | 1 | -3/+10
Fixes #2247.
2011-11-27 | tls: fix https with fs.openReadStream hangs | koichik | 1 | -2/+8
Fixes #2185. Fixes #2198.
2011-11-17 | tls: make cipher list configurable | Ben Noordhuis | 1 | -4/+1
options.ciphers existed but didn't work, the cipher list was effectively hard-coded to RC4-SHA:AES128-SHA:AES256-SHA. Fixes #2066.
2011-10-31 | tls, https: add passphrase option | koichik | 1 | -0/+2
Fixes #1925.
2011-10-27 | tls: add address(), remoteAddress/remotePort | koichik | 1 | -0/+13
Fixes #758. Fixes #1055.
2011-10-27 | tls: does not emit 'end' from EncryptedStream | koichik | 1 | -1/+0
de09168 and 4cdf9d4 break `test/pummel/test-https-large-response.js`. It is never finished. Fixes #1936.
2011-10-21 | Merge remote branch 'origin/v0.4' | Ryan Dahl | 1 | -7/+41
Conflicts: ChangeLog Makefile deps/libev/wscript doc/index.html doc/template.html lib/net.js src/node_version.h src/platform_cygwin.cc test/pummel/test-net-write-callbacks.js test/simple/test-buffer.js
2011-10-21 | Emit 'end' from crypto streams on close | Ryan Dahl | 1 | -1/+3
Fixes test/simple/test-tls-peer-certificate.js on Windows. Patch from bnoordhuis. See also 75a0cf970fb48440a93a62796ab1f128fcbe7d76
2011-10-15 | tls: The TLS API is inconsistent with the TCP API | koichik | 1 | -1/+4
Add 'secureConnect' event to tls.CleartextStream. Fixes #1467.
2011-10-15 | tls: requestCert unusable with Firefox and Chrome | koichik | 1 | -1/+9
Fixes #1516.
2011-09-30 | tls: Improve TLS flow control | koichik | 1 | -7/+41
Fixes #1775.