Skip to content

Commit

Permalink
fix the ordering issue nodejs#36655 (comment)
Browse files Browse the repository at this point in the history
  • Loading branch information
kumarrishav authored Oct 13, 2023
1 parent 7615798 commit c6fe80a
Showing 1 changed file with 22 additions and 22 deletions.
44 changes: 22 additions & 22 deletions lib/internal/tls/secure-context.js
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,28 @@ function configSecureContext(context, options = kEmptyObject, name = 'options')
ticketKeys,
} = options;

if (ciphers !== undefined && ciphers !== null)
validateString(ciphers, `${name}.ciphers`);

// Work around an OpenSSL API quirk. cipherList is for TLSv1.2 and below,
// cipherSuites is for TLSv1.3 (and presumably any later versions). TLSv1.3
// cipher suites all have a standard name format beginning with TLS_, so split
// the ciphers and pass them to the appropriate API.
const {
cipherList,
cipherSuites,
} = processCiphers(ciphers, `${name}.ciphers`);

if (cipherSuites !== '')
context.setCipherSuites(cipherSuites);
context.setCiphers(cipherList);

if (cipherList === '' &&
context.getMinProto() < TLS1_3_VERSION &&
context.getMaxProto() > TLS1_2_VERSION) {
context.setMinProto(TLS1_3_VERSION);
}

// Add CA before the cert to be able to load cert's issuer in C++ code.
// NOTE(@jasnell): ca, cert, and key are permitted to be falsy, so do not
// change the checks to !== undefined checks.
Expand Down Expand Up @@ -214,28 +236,6 @@ function configSecureContext(context, options = kEmptyObject, name = 'options')
}
}

if (ciphers !== undefined && ciphers !== null)
validateString(ciphers, `${name}.ciphers`);

// Work around an OpenSSL API quirk. cipherList is for TLSv1.2 and below,
// cipherSuites is for TLSv1.3 (and presumably any later versions). TLSv1.3
// cipher suites all have a standard name format beginning with TLS_, so split
// the ciphers and pass them to the appropriate API.
const {
cipherList,
cipherSuites,
} = processCiphers(ciphers, `${name}.ciphers`);

if (cipherSuites !== '')
context.setCipherSuites(cipherSuites);
context.setCiphers(cipherList);

if (cipherList === '' &&
context.getMinProto() < TLS1_3_VERSION &&
context.getMaxProto() > TLS1_2_VERSION) {
context.setMinProto(TLS1_3_VERSION);
}

validateString(ecdhCurve, `${name}.ecdhCurve`);
context.setECDHCurve(ecdhCurve);

Expand Down

0 comments on commit c6fe80a

Please sign in to comment.