tls: set ecdhCurve default to 'auto'

[Hativ]

For best out-of-the-box compatibility there should not be one default ecdhCurve for the tls client, OpenSSL should choose them automatically.

I've had a lot of struggle connecting to a server that did not support the default curve. Many third party modules have no support for setting ecdhCurve, therefore I think the tls client should support as much curves as possible by default. Using 'auto' would achieve this.

Refs: #16196
Refs: #1495
Refs: https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)
Refs: #15206

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• documentation is changed or added
• commit message follows commit guidelines

Affected core subsystem(s)

tls

[mscdex]

/cc @nodejs/crypto

[bnoordhuis]

Removing tls.DEFAULT_ECDH_CURVE outright is not an option: it's documented and in use in the ecosystem. (edit: Whether it actually worked as intended before v8.6.0 is something of an open question, though.)

Changing it to 'auto' however should be acceptable for node 10.

[tniessen]

CI: https://ci.nodejs.org/job/node-test-pull-request/11267/

[Hativ]

@bnoordhuis I've updated my commit.

[indutny]

LGTM

[bnoordhuis]

Thanks, LGTM.

[Trott]

CI failure on AIX is unrelated. CI is good.

[sam-github]

I searched RFC 4492 and FIPS 186-4 for the word auto, and it does not appear. Could you provide a little more text that says something about what this new value actually does? IIRC, this curve is used for creation of ephemeral ECDH keys, is it that auto will cause the curve used to be the same as the curve in the server's EC certificate?

[tniessen]

I would prefer to update the included references. auto is not part of the RFC AFAIK, but rather an OpenSSL definition. Otherwise LGTM.

[Hativ]

@sam-github @tniessen I've updated my commit.

[tniessen]

This line should not exceed 80 characters if possible. Also, the description of the ecdhCurve option in tls.createSecureContext already covers what auto means, I would prefer to link to that instead of the OpenSSL documentation. Maybe something like

default value is `'auto'`. See [`tls.createSecureContext()`] for further information.

I guess most users will assume this behavior, auto is a pretty self-explanatory name.

[Hativ]

@tniessen I've updated my commit again, using your suggestion.

[tniessen]

New CI: https://ci.nodejs.org/job/node-test-pull-request/11472/

[mhdawson]

CI is not longer visible so starting a new one: https://ci.nodejs.org/job/node-test-pull-request/11785/

[tniessen]

CI failures are unrelated (centos6-64 is failing on all PRs and AIX is async-hooks/test-graph.signal once again).

Landed in af78840, thank you! 🎉 We are looking forward to future contributions!

[ghost]

@tniessen What release version(s) will that commit be part of?

[tniessen]

@jacobcabantomski-ct This PR was marked as semver-major, so these changes will not be shipped until node 10 is released.

[sam-github]

@jacobcabantomski-ct and @nodejs/crypto and @nodejs/lts - would there be interest in my PRing a --tls-default-ecdh-curve= CLI option? That would be semver-minor, so it could be easily backported, and would allow using NODE_OPTIONS=--tls-default-ecdh-curve=auto across all the release lines to set the curve to "auto".

[ghost]

@sam-github That would be very helpful in the short/medium term until 10 is out next fall.

[rodrigok]

NODE_OPTIONS=--tls-default-ecdh-curve=auto seems to be a good option meanwhile

[mhdawson]

@sam-github any chance you are going to have time to look at implementing your suggestion in the near future ?