Backport TLSv1.3 secure ciphers #212

merged 1 commit into from May 2, 2019
5 changes: 4 additions & 1 deletion index.js
Expand Up @@ -4,6 +4,7 @@ const requestModule = require('request-promise');
const sandbox = require('./lib/sandbox');
const decodeEmails = require('./lib/email-decode.js');
const getDefaultHeaders = require('./lib/headers');
const agentOptions = require('./lib/agent-options');
const brotli = require('./lib/brotli');

const {
Expand Down Expand Up @@ -35,7 +36,9 @@ function defaults (params) {
// Remove Cloudflare's email protection
decodeEmails: false,
// Support gzip encoded responses
gzip: true
gzip: true,
// Adds secure TLSv1.3 ciphers when using older openssl versions
agentOptions
};

// Object.assign requires at least nodejs v4, request only test/supports v6+
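Review bot: The comment `// Adds secure TLSv1.3 ciphers when using older openssl versions` above the new `agentOptions` entry understates what the value does: lib/agent-options.js exports either nothing or a `ciphers` string built by joining a full suite list, and a `ciphers` agent option is used as the cipher list, so this is an override of the default list rather than an addition to it. Readers tuning TLS settings in `defaults` should see that from the comment. Suggest `// Cipher-list override; only populated when the bundled OpenSSL predates 1.1.1 (see lib/agent-options.js)`. The `defaults` function begins outside this hunk.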
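--- /dev/null
+++ b/lib/agent-options.js
@@ -0,0 +1,42 @@
+'use strict';
+
+const tls = require('tls');
+
+const ciphers = getCiphers();
+
+if (ciphers !== -1) {
+module.exports.ciphers = ciphers;
+}
+
+function getCiphers () {
+// SSL_CTX_set_cipher_list will simply ignore any unsupported ciphers
+const defaults = [
+'TLS_AES_128_CCM_8_SHA256',
+'TLS_AES_128_CCM_SHA256',
+'TLS_AES_128_GCM_SHA256',
+'TLS_AES_256_GCM_SHA384',
+'TLS_CHACHA20_POLY1305_SHA256'
+];
+
+// We already have these defaults if using openssl v1.1.1 and later
+const v = process.versions.openssl.match(/(\d)+\.(\d+)\.(\d+)/);
+if (v[1] >= 1 && v[2] >= 1 && v[3] >= 1) {
+return -1;
+}
+
+const suites = tls.getCiphers()
+.map(function (s) {
+return s.toUpperCase();
+});
+
+let missing = false;
+// Add the default TLSv1.3 cipher suites if missing
+for (let i = 0; i < defaults.length; i++) {
+if (suites.indexOf(defaults[i]) === -1) {
+missing = true;
+suites.push(defaults[i]);
+}
+}
+
+return missing ? suites.join(':') : -1;
+}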
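Review bot: The version gate `if (v[1] >= 1 && v[2] >= 1 && v[3] >= 1)` is not a positional major.minor.patch comparison, so an OpenSSL such as 1.2.0 or 3.0.0 falls through and receives the override, `v` is dereferenced without a null check, and the `(\d)+` group keeps only the last digit of the major. The override itself is also broader than the commit message suggests: `const suites = tls.getCiphers()` seeds the list with every suite OpenSSL reports, so whenever `ciphers` is exported it replaces Node's curated `tls.DEFAULT_CIPHERS` selection instead of extending it; seeding from `tls.DEFAULT_CIPHERS.split(':')` keeps the default selection and only appends the five TLSv1.3 names that are missing. The sketch below does both; `getCiphers` lies entirely within this hunk.

```javascript
function getCiphers () {
  // … unchanged: `defaults` list of TLSv1.3 suite names …

  // Positional major.minor.patch compare; OpenSSL 1.1.1+ already ships these suites.
  const v = (process.versions.openssl || '').match(/(\d+)\.(\d+)\.(\d+)/);
  if (v) {
    const [major, minor, patch] = v.slice(1).map(Number);
    if (major > 1 || (major === 1 && (minor > 1 || (minor === 1 && patch >= 1)))) {
      return -1;
    }
  }

  // Start from Node's curated default list rather than every suite OpenSSL knows.
  const suites = tls.DEFAULT_CIPHERS.split(':');
  // … unchanged: append missing `defaults` entries, return joined list or -1 …
}
```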
4 changes: 3 additions & 1 deletion test/helper.js
Expand Up @@ -7,6 +7,7 @@ var express = require('express');

// Clone the default headers for tests
var defaultHeaders = Object.assign({}, require('../').defaultParams.headers);
var agentOptions = require('../lib/agent-options');

// Cache fixtures so they're only read from fs but once
var cache = {};
Expand All @@ -31,7 +32,8 @@ var helper = {
cloudflareMaxTimeout: 30000,
challengesToSolve: 3,
decodeEmails: false,
gzip: true
gzip: true,
agentOptions
};
},
getFixture: function (fileName) {
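Review bot: The helper re-requires the library module at `var agentOptions = require('../lib/agent-options');` although the preceding line already loads the package and reads `defaultParams.headers`; if `defaultParams` is built from `defaults()` in index.js, taking `agentOptions` from the same object keeps the test fixture in step with what the library actually sends instead of duplicating the wiring. Suggest `var agentOptions = require('../').defaultParams.agentOptions;`. The `helper` object literal begins before this hunk.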