[v10.x] tls: support TLS min/max protocol defaults in CLI #27946
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
/cc @nodejs/lts |
richardlau
reviewed
May 29, 2019
addaleax
changed the title
addaleax
approved these changes
May 29, 2019
bnoordhuis
approved these changes
Jun 1, 2019
sam-github
force-pushed
the
tls-min-max-cli-v10.x
branch
from
5fb1f1a
to
b329d2a
Compare
This comment has been minimized.
This comment has been minimized.
sam-github
force-pushed
the
tls-min-max-cli-v10.x
branch
3 times, most recently
from
a5884ed
to
436b0dd
Compare
BethGriggs
approved these changes
Jun 6, 2019
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Latest CI shows a relevant failure https://ci.nodejs.org/job/node-test-commit-linux-containered/nodes=ubuntu1604_sharedlibs_openssl110_x64/ |
sam-github
force-pushed
the
tls-min-max-cli-v10.x
branch
from
436b0dd
to
f269280
Compare
codebytere
approved these changes
Jun 7, 2019
|
Strangely, I could repro when I built against external openssl 1.1.0j. I'll have to do more digging to see what CI is doing. EDIT: I meant could not repro |
|
I'm trying to verify what version of OpenSSL 1.1.0 was used in the failed job above. @richardlau do you know how I would work through the build system to find out? I tried checking the workspace, https://ci.nodejs.org/job/node-test-commit-linux-containered/nodes=ubuntu1604_sharedlibs_openssl110_x64/ws/config.gypi/*view*/, but the include_dirs in config.gypi don't appear to contain an external openssl path, and config.status doesn't show signs of --shared-openssl being used, so that workspace is probably not what I think. If its a docker container, I should be able to run it on my laptop, and repro the build. @richardlau do you have any suggestions on how to find the docker container, or any information on how the docker container is configured? |
|
@sam-github Walking through the links from https://ci.nodejs.org/job/node-test-pull-request/23694/ the full console log of the failing build being referenced is https://ci.nodejs.org/job/node-test-commit-linux-containered/13265/nodes=ubuntu1604_sharedlibs_openssl110_x64/consoleFull python ./configure --verbose --shared-openssl --shared-openssl-includes=/opt/openssl-1.1.0j/include/ --shared-openssl-libpath=/opt/openssl-1.1.0j/lib/The docker container configuration is in the build repo: https://github.com/nodejs/build/blob/master/ansible/roles/docker/templates/ubuntu1604_sharedlibs.Dockerfile.j2 |
|
Strangely, I just cannot reproduce this locally building against the same shared openssl version. I'm trying to build&run the docker image locally. |
BethGriggs
added
the
semver-minor
This comment has been minimized.
This comment has been minimized.
sam-github
force-pushed
the
tls-min-max-cli-v10.x
branch
from
5854611
to
d18c1e3
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
@sam-github I've just cherry-picked some additional 'mark as flaky' commits on to v10.x-staging. Hopefully, CI will be better now 🤞 |
This comment has been minimized.
This comment has been minimized.
|
Added #27500 to v10.x, hopefully, clears up the last error. |
BethGriggs
pushed a commit
that referenced
this pull request
Feb 25, 2020
Backport CLI switches for default TLS versions: - `--tls-max-v1.2` - `--tls-min-v1.0` - `--tls-min-v1.1` - `--tls-min-v1.2` PR-URL: #27946 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Beth Griggs <[email protected]> Reviewed-By: Shelley Vohr <[email protected]>
|
Landed in 1cfb457 |
|
Yay! |
BethGriggs
added a commit
that referenced
this pull request
Mar 10, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- deps:
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- upgrade npm to 6.13.7 (Michael Perrotte)
[#31558](#31558)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls: support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Mar 12, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- deps:
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- upgrade npm to 6.13.7 (Michael Perrotte)
[#31558](#31558)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
PR-URL: #31984
Merged
BethGriggs
added a commit
that referenced
this pull request
Mar 23, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Mar 23, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Mar 24, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Mar 25, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Mar 26, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 3, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 6, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 7, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.7 (Lion). As binaries are still being compiled to support a minimum
of macOS 10.7 (Lion) we do not anticipate this having a negative impact
on Node.js 10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 7, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 8, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 8, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 14, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See #27666 and #27432 (comment)
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes