File tree 6 files changed +34
-0
lines changed
6 files changed +34
-0
lines changed Original file line number Diff line number Diff line change @@ -475,6 +475,14 @@ added: REPLACEME
475
475
Set default [ ` tls.DEFAULT_MIN_VERSION ` ] [ ] to 'TLSv1.1'. Use for compatibility
476
476
with old TLS clients or servers.
477
477
478
+ ### ` --tls-min-v1.2 `
479
+ <!-- YAML
480
+ added: REPLACEME
481
+ -->
482
+
483
+ Set default [ ` minVersion ` ] [ ] to ` 'TLSv1.2' ` . Use to disable support for TLSv1
484
+ and TLSv1.1 in favour of TLSv1.2, which is more secure.
485
+
478
486
### ` --tls-min-v1.3 `
479
487
<!-- YAML
480
488
added: REPLACEME
Original file line number Diff line number Diff line change @@ -250,6 +250,10 @@ or servers.
250
250
Set default minVersion to 'TLSv1.1'. Use for compatibility with old TLS clients
251
251
or servers.
252
252
.
253
+ .It Fl -tls-min-v1.2
254
+ Set default minVersion to 'TLSv1.2'. Use to disable support for TLSv1 and
255
+ TLSv1.1 in favour of TLSv1.2, which is more secure.
256
+ .
253
257
.It Fl -tls-min-v1.3
254
258
Set default minVersion to 'TLSv1.3'. Use to disable support for TLSv1.2 in
255
259
favour of TLSv1.3, which is more secure.
Original file line number Diff line number Diff line change @@ -58,6 +58,8 @@ if (getOptionValue('--tls-min-v1.0'))
58
58
exports . DEFAULT_MIN_VERSION = 'TLSv1' ;
59
59
else if ( getOptionValue ( '--tls-min-v1.1' ) )
60
60
exports . DEFAULT_MIN_VERSION = 'TLSv1.1' ;
61
+ else if ( getOptionValue ( '--tls-min-v1.2' ) )
62
+ exports . DEFAULT_MIN_VERSION = 'TLSv1.2' ;
61
63
else if ( getOptionValue ( '--tls-min-v1.3' ) )
62
64
exports . DEFAULT_MIN_VERSION = 'TLSv1.3' ;
63
65
else
Original file line number Diff line number Diff line change @@ -336,6 +336,10 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
336
336
" set default TLS minimum to TLSv1.1 (default: TLSv1)" ,
337
337
&EnvironmentOptions::tls_min_v1_1,
338
338
kAllowedInEnvironment );
339
+ AddOption (" --tls-min-v1.2" ,
340
+ " set default TLS minimum to TLSv1.2 (default: TLSv1)" ,
341
+ &EnvironmentOptions::tls_min_v1_2,
342
+ kAllowedInEnvironment );
339
343
AddOption (" --tls-min-v1.3" ,
340
344
" set default TLS minimum to TLSv1.3 (default: TLSv1)" ,
341
345
&EnvironmentOptions::tls_min_v1_3,
Original file line number Diff line number Diff line change @@ -138,6 +138,7 @@ class EnvironmentOptions : public Options {
138
138
139
139
bool tls_min_v1_0 = false ;
140
140
bool tls_min_v1_1 = false ;
141
+ bool tls_min_v1_2 = false ;
141
142
bool tls_min_v1_3 = false ;
142
143
bool tls_max_v1_2 = false ;
143
144
bool tls_max_v1_3 = false ;
Original file line number Diff line number Diff line change
1
+ // Flags: --tls-min-v1.2
2
+ 'use strict' ;
3
+ const common = require ( '../common' ) ;
4
+ if ( ! common . hasCrypto ) common . skip ( 'missing crypto' ) ;
5
+
6
+ // Check that node `--tls-min-v1.2` is supported.
7
+
8
+ const assert = require ( 'assert' ) ;
9
+ const tls = require ( 'tls' ) ;
10
+
11
+ assert . strictEqual ( tls . DEFAULT_MAX_VERSION , 'TLSv1.2' ) ;
12
+ assert . strictEqual ( tls . DEFAULT_MIN_VERSION , 'TLSv1.2' ) ;
13
+
14
+ // Check the min-max version protocol versions against these CLI settings.
15
+ require ( './test-tls-min-max-version.js' ) ;
You can’t perform that action at this time.
0 commit comments