redbird icon indicating copy to clipboard operation
redbird copied to clipboard
verified publisher icon OptimalBits

Request: Document multiple 'secureOptions' behavior

Open geeklisted opened this issue 6 years ago • 1 comments

When using the secureOptions attribute with an SSL proxy, what is the expected structure for supplying multiple Crypto SSL constant values?

Do we use an array, ||, &&? Is this even possible? Code does not make it clear.

{ssl: {
        redirect: true, // False to disable HTTPS autoredirect to this route.
    	key: keyPath,
    	cert: certPath,
    	ca: caPath, // optional
    	secureOptions: constants.SSL_OP_NO_TLSv1 && constants.SSL_OP_CIPHER_SERVER_PREFERENCE
    	}
    }

geeklisted avatar May 10 '19 13:05 geeklisted

Hi! Taking from nodejs documentation: https://nodejs.org/api/tls.html

"secureOptions Optionally affect the OpenSSL protocol behavior, which is not usually necessary. This should be used carefully if at all! Value is a numeric bitmask of the SSL_OP_* options from OpenSSL Options."

So I think it should be bitwise or (single | symbol), like this:

{
  ssl: {
    redirect: true, // False to disable HTTPS autoredirect to this route.
    key: keyPath,
    cert: certPath,
    ca: caPath, // optional
    secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_CIPHER_SERVER_PREFERENCE
  }
}

mrkmrtns avatar May 17 '19 15:05 mrkmrtns