From c906151dba6ffb116046694d587cd1d1ba0c2399 Mon Sep 17 00:00:00 2001 From: Tim Perry Date: Wed, 19 Oct 2022 16:51:33 +0200 Subject: [PATCH] tls: add support for ALPN fallback when no ALPN protocol matches --- doc/api/errors.md | 11 ++++ doc/api/tls.md | 8 +++ lib/_tls_wrap.js | 7 +++ lib/internal/errors.js | 3 + src/crypto/crypto_tls.cc | 20 +++++-- src/env_properties.h | 1 + test/parallel/test-tls-alpn-server-client.js | 60 ++++++++++++++++++++ 7 files changed, 106 insertions(+), 4 deletions(-) diff --git a/doc/api/errors.md b/doc/api/errors.md index e1e1b92f654505f..f4a7d28f6baf785 100644 --- a/doc/api/errors.md +++ b/doc/api/errors.md @@ -2698,6 +2698,17 @@ This error represents a failed test. Additional information about the failure is available via the `cause` property. The `failureType` property specifies what the test was doing when the failure occurred. + + +### `ERR_TLS_ALPN_FALLBACK_WITHOUT_PROTOCOLS` + +This error is thrown when creating a `TLSServer` if the TLS options sets +`enableALPNFallback` to `true` without providing an `ALPNProtocols` argument. + +When `ALPNProtocols` is not provided, ALPN is skipped entirely, so the fallback +would not be functional. To enable ALPN for all protocols, using the fallback +in all cases, set `ALPNProtocols` to an empty array instead. + ### `ERR_TLS_CERT_ALTNAME_FORMAT` diff --git a/doc/api/tls.md b/doc/api/tls.md index a9b23fc97501fce..829893ab4e79046 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -2012,6 +2012,9 @@ where `secureSocket` has the same API as `pair.cleartext`.