How to disable tls 1.0 and use only tls 1.1 using

Posted 2020-08-17 17:42

I want to disable the TLS v1.0 and use TLS 1.1 and above only.

In Node.js, I use the https module; how do I set the https options?

I have read the API doc (node api tls), but I still don't know how to set this.

I think it depends on the secureProtocol and cipher, but I just don't know how to set the value.

My node version is 0.10.36, and openssl version is 0.9.8j.

Tags: node.js ssl
4 answers
老娘就宠你
#2 · 2020-08-17 17:51

TLS 1.0 should no longer be used. This works to disable TLS 1.0 in node.js:

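const https = require('https');
const fs = require('fs');
const path = require('path');
// app and pathToCert are defined elsewhere in the application
https.createServer({
    secureOptions: require('constants').SSL_OP_NO_TLSv1,
    pfx: fs.readFileSync(path.resolve(pathToCert))
}, app).listen(443);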

You can verify this using this tool: ssllabs

干净又极端
#3 · 2020-08-17 17:57

The use of the constants module is undocumented. A better way to disable TLS v1.0 would be to use constants from the crypto module instead. See the documentation on the Node.js website for reference.

The solution then becomes the following:

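const https = require('https')
const fs = require('fs')
const path = require('path')
const { constants } = require('crypto')
// app and pathToCert are defined elsewhere in the application
https.createServer({
    secureOptions: constants.SSL_OP_NO_TLSv1,
    pfx: fs.readFileSync(path.resolve(pathToCert))
}, app).listen(443)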
冷血范
#4 · 2020-08-17 17:58

Marco's solution worked for me, but as TLS 1.1 is also considered a vulnerability, it is better to disable both and go with TLS 1.2.

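const https = require('https')
const fs = require('fs')
const path = require('path')
const { constants } = require('crypto')
// app and pathToCert are defined elsewhere in the application
https.createServer({
    // OR the two flags together so both TLS 1.0 and TLS 1.1 are refused
    secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
    pfx: fs.readFileSync(path.resolve(pathToCert))
}, app).listen(443)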
Fickle 薄情
#5 · 2020-08-17 18:05

This will be helpful if anyone is using MEANjs.

Use

secureProtocol: 'TLSv1_2_server_method',

instead of

secureProtocol: 'TLSv1_method',

File location: config/lib/socket.io.js

Works without issue.

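The answers above restrict protocol versions in two ways: a secureOptions bitmask and a version-pinned secureProtocol method name. The following is an added example, not code from any of the posters, that inspects a Node.js TLS options object and reports which of TLS 1.0 and TLS 1.1 it still leaves enabled. The function names and sample objects are assumptions made for illustration, and minVersion/maxVersion are options from later Node.js releases than the 0.10 mentioned in the question.

```javascript
// Added example: report which legacy TLS versions a Node.js server options
// object still allows. Function names and sample inputs are illustrative.
const { constants } = require('crypto');
const tls = require('tls');

const VERSIONS = ['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'];
// OpenSSL "disable this version" bits, as exposed by crypto.constants.
const DISABLE_BIT = {
  'TLSv1': constants.SSL_OP_NO_TLSv1,
  'TLSv1.1': constants.SSL_OP_NO_TLSv1_1,
  'TLSv1.2': constants.SSL_OP_NO_TLSv1_2,
  'TLSv1.3': constants.SSL_OP_NO_TLSv1_3 || 0,
};
// Method names that pin one version, e.g. 'TLSv1_method', 'TLSv1_2_server_method'.
const PINNED = /^TLSv1(?:_([12]))?(?:_(?:server|client))?_method$/;

function enabledVersions(options = {}) {
  const pinned = PINNED.exec(options.secureProtocol || '');
  let candidates;
  if (pinned) {
    candidates = [pinned[1] ? `TLSv1.${pinned[1]}` : 'TLSv1'];
  } else if (options.secureProtocol) {
    // Negotiating methods ('TLS_method', 'SSLv23_method'): conservatively assume
    // every version is on offer unless a disable bit removes it.
    candidates = VERSIONS.slice();
  } else {
    const min = VERSIONS.indexOf(options.minVersion || tls.DEFAULT_MIN_VERSION);
    const max = VERSIONS.indexOf(options.maxVersion || tls.DEFAULT_MAX_VERSION);
    candidates = VERSIONS.slice(Math.max(min, 0), max < 0 ? VERSIONS.length : max + 1);
  }
  const mask = options.secureOptions || 0;
  return candidates.filter((v) => (mask & DISABLE_BIT[v]) === 0);
}

function legacyVersions(options) {
  return enabledVersions(options).filter((v) => v === 'TLSv1' || v === 'TLSv1.1');
}

// Constructed inputs mirroring the answers; minVersion 'TLSv1' models a legacy floor.
const samples = {
  noFlags: { minVersion: 'TLSv1' },
  noTls10: { minVersion: 'TLSv1', secureOptions: constants.SSL_OP_NO_TLSv1 },
  noTls10and11: { minVersion: 'TLSv1',
    secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1 },
  pinnedTls10: { secureProtocol: 'TLSv1_method' },
  pinnedTls12: { secureProtocol: 'TLSv1_2_server_method' },
};
for (const [name, o] of Object.entries(samples)) console.log(name, legacyVersions(o));
```

An empty list means neither TLS 1.0 nor TLS 1.1 can be negotiated with that configuration; a check like this can run in CI against the options passed to https.createServer.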