@@ -26,18 +26,34 @@ const { isArrayBufferView } = require('internal/util/types');
26
26
const tls = require ( 'tls' ) ;
27
27
const {
28
28
ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED ,
29
- ERR_INVALID_ARG_TYPE
29
+ ERR_INVALID_ARG_TYPE ,
30
+ ERR_TLS_INVALID_PROTOCOL_VERSION ,
31
+ ERR_TLS_PROTOCOL_VERSION_CONFLICT ,
30
32
} = require ( 'internal/errors' ) . codes ;
31
-
32
- const { SSL_OP_CIPHER_SERVER_PREFERENCE } = internalBinding ( 'constants' ) . crypto ;
33
+ const {
34
+ SSL_OP_CIPHER_SERVER_PREFERENCE ,
35
+ TLS1_VERSION ,
36
+ TLS1_1_VERSION ,
37
+ TLS1_2_VERSION ,
38
+ } = internalBinding ( 'constants' ) . crypto ;
33
39
34
40
// Lazily loaded from internal/crypto/util.
35
41
let toBuf = null ;
36
42
43
+ function toV ( which , v , def ) {
44
+ if ( v == null ) v = def ;
45
+ if ( v === 'TLSv1' ) return TLS1_VERSION ;
46
+ if ( v === 'TLSv1.1' ) return TLS1_1_VERSION ;
47
+ if ( v === 'TLSv1.2' ) return TLS1_2_VERSION ;
48
+ throw new ERR_TLS_INVALID_PROTOCOL_VERSION ( v , which ) ;
49
+ }
50
+
37
51
const { SecureContext : NativeSecureContext } = internalBinding ( 'crypto' ) ;
38
- function SecureContext ( secureProtocol , secureOptions , context ) {
52
+ function SecureContext ( secureProtocol , secureOptions , context ,
53
+ minVersion , maxVersion ) {
39
54
if ( ! ( this instanceof SecureContext ) ) {
40
- return new SecureContext ( secureProtocol , secureOptions , context ) ;
55
+ return new SecureContext ( secureProtocol , secureOptions , context ,
56
+ minVersion , maxVersion ) ;
41
57
}
42
58
43
59
if ( context ) {
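Review bot: The new `toV` helper has no comment and a name that hides what it does. It maps a protocol string to an OpenSSL version constant, and anything other than the three exact spellings `'TLSv1'`, `'TLSv1.1'`, `'TLSv1.2'` throws `ERR_TLS_INVALID_PROTOCOL_VERSION`. That includes a bad default, because `def` is substituted before the comparison, so a misconfigured `tls.DEFAULT_MIN_VERSION` surfaces here as an invalid 'minimum'. I would add a comment above it such as `// Map 'TLSv1' | 'TLSv1.1' | 'TLSv1.2' (or def when v is null/undefined) to the TLS*_VERSION constant; throws on any other value.` and consider a clearer name such as `toVersionConstant`.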
@@ -46,10 +62,15 @@ function SecureContext(secureProtocol, secureOptions, context) {
46
62
this . context = new NativeSecureContext ( ) ;
47
63
48
64
if ( secureProtocol ) {
49
- this . context . init ( secureProtocol ) ;
50
- } else {
51
- this . context . init ( ) ;
65
+ if ( minVersion != null )
66
+ throw new ERR_TLS_PROTOCOL_VERSION_CONFLICT ( minVersion , secureProtocol ) ;
67
+ if ( maxVersion != null )
68
+ throw new ERR_TLS_PROTOCOL_VERSION_CONFLICT ( maxVersion , secureProtocol ) ;
52
69
}
70
+
71
+ this . context . init ( secureProtocol ,
72
+ toV ( 'minimum' , minVersion , tls . DEFAULT_MIN_VERSION ) ,
73
+ toV ( 'maximum' , maxVersion , tls . DEFAULT_MAX_VERSION ) ) ;
53
74
}
54
75
55
76
if ( secureOptions ) this . context . setOptions ( secureOptions ) ;
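Review bot: Nothing in the new `this.context.init(...)` call checks that the resolved minimum is not above the resolved maximum. `minVersion: 'TLSv1.2'` with `maxVersion: 'TLSv1'` passes both `toV` calls and is handed to the native context. The native `init` is not visible here, but such a range most likely fails only at handshake time, with an error that does not point back to the options. I would resolve both values into locals first (`const min = toV('minimum', ...)`, `const max = toV('maximum', ...)`) and throw a version error on `if (min > max)` before calling `init`. The defaults are also passed when `secureProtocol` is set, so a short comment on how the native side treats min/max alongside a pinned method would help anyone auditing downgrade behaviour. The body of `SecureContext` continues outside this hunk.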
@@ -75,7 +96,8 @@ exports.createSecureContext = function createSecureContext(options, context) {
75
96
if ( options . honorCipherOrder )
76
97
secureOptions |= SSL_OP_CIPHER_SERVER_PREFERENCE ;
77
98
78
- const c = new SecureContext ( options . secureProtocol , secureOptions , context ) ;
99
+ const c = new SecureContext ( options . secureProtocol , secureOptions , context ,
100
+ options . minVersion , options . maxVersion ) ;
79
101
var i ;
80
102
var val ;
81
103