zkat / make-fetch-happen

Get in loser, we're making requests!

This library leads to insecure https connectivity #58

Open heri16 opened 6 years ago

heri16 commented 6 years ago

There are many reports on the lacklustre security of many ciphers used as the default in this library. SSLv3 has been proven to be insecure.

We should add support for tls options such as secureProtocol and ciphers, ecdhCurve, honorCipherOrder, and servername.

```js
const fs = require('fs');

const tls = {
  // Refer to `tls.connect()` section in
  // https://nodejs.org/api/tls.html
  // for all supported options
  secureProtocol: 'TLSv1_2_method',
  // ciphers: 'ECDHE-RSA-AES256-GCM-SHA384',
  // ecdhCurve: 'auto',
  ciphers: 'ECDHE-RSA-AES128-GCM-SHA256',
  ecdhCurve: 'secp384r1',
  honorCipherOrder: true,
  servername: 'servernameindication',
  ca: [
    fs.readFileSync('cert/AmazonRootCA1.pem'),
  ],
}
```