Add options to tls.getCiphers() to get more specific information about cipher suites
#42077
Labels
feature request
Issues that request new features to be added to Node.js.
stale
tls
Issues and PRs related to the tls subsystem.
Comments
thernstig
added
the
feature request
thernstig
changed the title
tls.getCiphers() tp get more specific information about cipher suitestls.getCiphers() to get more specific information about cipher suites
|
There has been no activity on this feature request for 5 months and it is unlikely to be implemented. It will be closed 6 months after the last non-automated comment. For more information on how the project manages feature requests, please consult the feature request management document. |
|
There has been no activity on this feature request and it is being closed. If you feel closing this issue is not the right thing to do, please leave a comment. For more information on how the project manages feature requests, please consult the feature request management document. |
|
I felt this was a very valid request in todays world with increased security observability. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the problem this feature will solve?
Currently https://nodejs.org/api/tls.html offers two ways to show cipher suites.
node -p crypto.constants.defaultCoreCipherList | tr ':' '\n'shows the set of default enabled (and disabled) cipher suites in Node.js.tls.getCiphers()shows the set of supported cipher suites in Node.js.Enabled and supported cipher suites are not the same (see #42059 (comment) and #42063). Even if a cipher suite is enabled, it might not be supported. And the other way around even if a cipher suite is supported, it might not be enabled.
Many organisations needs to know the exact cipher suites used. We need an intersection of the enabled AND supported cipher suites.
What is the feature you are proposing to solve the problem?
I propose that
tls.getCiphers()gets extended with an optional parameter that takes a string/enum such asSUPPORTED(default),ENABLED_AND_SUPPORTED,ENABLEDetc.What alternatives have you considered?
I have found none. There is currently no way to expand the default configured list of cypher suites into a list of all the cipher suites, like the command
openssl ciphersdoes.openssl ciphersconverts textual OpenSSL cipher lists into ordered SSL cipher preference lists.I could run
openssl ciphers CIPHERLISTlocally on my machine, but the problem with that is that it would use my localopensslCLI's version of the openssl library, and not the built-in openssl library version used in Node.js.In addition, some of the enabled cipher suites from that list is not even supported as seen from
tls.getCiphers()(see #42059 (comment)).The text was updated successfully, but these errors were encountered: