tlsSocket.getEphemeralKeyInfo() returns empty object on PFS connection #20262

Closed
WRMSRwasTaken opened this issue Apr 24, 2018 · 3 comments
Labels
tls Issues and PRs related to the tls subsystem.

WRMSRwasTaken commented Apr 24, 2018

Version: v10.0.0
Platform: Windows 10 Education 1709 x64
Subsystem: TLS

I wanted to see if Node negotiates the new ciphers introduced with OpenSSL 1.1 with my server, which is already running OpenSSL 1.1.

```js
const tls = require('tls');

// '<server>' is a placeholder for the host under test.
const tlsSocket = tls.connect(443, '<server>');

// 'secureConnect' fires once the handshake has completed.
tlsSocket.on('secureConnect', () => {
  console.log('TLS version:', tlsSocket.getProtocol());
  console.log('Cipher:', tlsSocket.getCipher().name);
  console.log('Curve:', tlsSocket.getEphemeralKeyInfo());
  tlsSocket.end();
});
```

The output seen is then:

```
TLS version: TLSv1.2
Cipher: ECDHE-RSA-CHACHA20-POLY1305
Curve: {}
```

Why is tlsSocket.getEphemeralKeyInfo() returning an empty object? It's clearly a PFS connection.

It should return something like this: { type: 'ECDHE', name: 'X25519', size: 253}

@Trott Trott added the tls Issues and PRs related to the tls subsystem. label Apr 24, 2018
Trott (Member) commented Apr 24, 2018

@nodejs/crypto

bnoordhuis (Member) commented

> Why is tlsSocket.getEphemeralKeyInfo() returning an empty object?

Because it currently only knows about DH and ECDH keys. Pull requests welcome.

shigeki (Contributor) commented Apr 25, 2018

This issue is caused by EVP_PKEY_EC which only covers ANSI X9.62 curves not IETF ones.
I will submit a PR to fix this.

MylesBorins pushed a commit that referenced this issue May 4, 2018
`EVP_PKEY_EC` only covers ANSI X9.62 curves not IETF ones(curve25519
and curve448). This fixes to add support of X25519 in
`tlsSocket.getEphemeralKeyInfo()`.
X448 should be added in the future upgrade to OpenSSL-1.1.1.

PR-URL: #20273
Fixes: #20262
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
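
When auditing connections for forward secrecy, the behaviour reported above means an empty object from `tlsSocket.getEphemeralKeyInfo()` cannot be read as "static key exchange" on its own. The following is an added example, not code from this issue or from Node.js: it falls back to the negotiated cipher suite name when the key info is empty, and extends the reported case to DHE and TLS 1.3 names. The helper names and the stand-in sockets are constructed for illustration.

```javascript
// Added example; helper names are hypothetical, sample sockets are constructed.

// Infer the key exchange from the protocol and OpenSSL-style cipher suite name.
function keyExchangeFromCipher(protocol, cipherName) {
  // TLS 1.3 suite names omit the key exchange; a full (certificate-authenticated)
  // TLS 1.3 handshake always uses an ephemeral (EC)DHE exchange.
  if (protocol === 'TLSv1.3') return '(EC)DHE';
  if (/^ECDHE-/.test(cipherName)) return 'ECDHE';
  if (/^(DHE|EDH)-/.test(cipherName)) return 'DHE';
  return null; // e.g. static RSA key exchange such as AES128-GCM-SHA256
}

// Works on any object exposing the three tls.TLSSocket getters used on the page.
function describeKeyExchange(socket) {
  const cipher = socket.getCipher().name;
  // getEphemeralKeyInfo() is client-side only and yields null on a server socket.
  const info = socket.getEphemeralKeyInfo() || {};
  if (info.type) {
    return { forwardSecret: true, source: 'getEphemeralKeyInfo',
             type: info.type, name: info.name || null, size: info.size };
  }
  // Empty object: either no ephemeral key, or a key type this Node.js build
  // cannot describe (the X25519 case reported in this issue).
  const inferred = keyExchangeFromCipher(socket.getProtocol(), cipher);
  return { forwardSecret: inferred !== null, source: 'cipher-name',
           type: inferred, name: null, size: null };
}

// Constructed stand-in for a connected socket, so the example runs offline.
function fakeSocket(protocol, cipherName, keyInfo) {
  return {
    getProtocol: () => protocol,
    getCipher: () => ({ name: cipherName }),
    getEphemeralKeyInfo: () => keyInfo,
  };
}

const samples = {
  reported: fakeSocket('TLSv1.2', 'ECDHE-RSA-CHACHA20-POLY1305', {}),
  described: fakeSocket('TLSv1.2', 'ECDHE-RSA-CHACHA20-POLY1305',
                        { type: 'ECDH', name: 'X25519', size: 253 }),
  staticRsa: fakeSocket('TLSv1.2', 'AES128-GCM-SHA256', {}),
};

for (const [label, socket] of Object.entries(samples)) {
  console.log(label, describeKeyExchange(socket));
}
```

With a real connection, call `describeKeyExchange(tlsSocket)` inside the `secureConnect` handler; a `source` of `cipher-name` together with `forwardSecret: true` flags a key type the runtime could not describe.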