OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2025-12-06 12:20:27 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
9cde7a033e
node/benchmark/tls/tls-connect.js
Adam Majer 9cde7a033e
crypto: don't disable TLS 1.3 without suites 
In the manual page, there is a statement that ciphersuites contain
explicit default settings - all TLS 1.3 ciphersuites enabled.
In node, we assume that an empty setting mean no ciphersuites and
we disable TLS 1.3. A correct approach to disabling TLS 1.3 is to
disable TLS 1.3 and by not override the default ciphersuits
with an empty string.

So, only override OpenSSL's TLS 1.3 ciphersuites with an explicit
list of ciphers. If none are acceptable, the correct approach is
to disable TLS 1.3 instead elsewhere.

Fixes: https://github.com/nodejs/node/issues/43419

PR-URL: https://github.com/nodejs/node/pull/43427
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: James M Snell <jasnell@gmail.com>
2022-06-27 09:47:13 +01:00

68 lines
1.5 KiB
JavaScript
Raw Blame History

'use strict';
const fixtures = require('../../test/common/fixtures');
const tls = require('tls');
const common = require('../common.js');
const bench = common.createBenchmark(main, {
concurrency: [1, 10],
dur: [5]
});
let clientConn = 0;
let serverConn = 0;
let dur;
let concurrency;
let running = true;
function main(conf) {
dur = conf.dur;
concurrency = conf.concurrency;
const options = {
key: fixtures.readKey('rsa_private.pem'),
cert: fixtures.readKey('rsa_cert.crt'),
ca: fixtures.readKey('rsa_ca.crt'),
ciphers: 'AES256-GCM-SHA384',
maxVersion: 'TLSv1.2',
};
const server = tls.createServer(options, onConnection);
server.listen(common.PORT, onListening);
}
function onListening() {
setTimeout(done, dur * 1000);
bench.start();
for (let i = 0; i < concurrency; i++)
makeConnection();
}
function onConnection(conn) {
serverConn++;
}
function makeConnection() {
const options = {
port: common.PORT,
rejectUnauthorized: false
};
const conn = tls.connect(options, () => {
clientConn++;
conn.on('error', (er) => {
console.error('client error', er);
throw er;
});
conn.end();
if (running) makeConnection();
});
}
function done() {
running = false;
// It's only an established connection if they both saw it.
// because we destroy the server somewhat abruptly, these
// don't always match. Generally, serverConn will be
// the smaller number, but take the min just to be sure.
bench.end(Math.min(serverConn, clientConn));
process.exit(0);
}
Reference in New Issue View Git Blame Copy Permalink