- `sessionIdContext`: A string containing an opaque identifier for session
resumption. If `requestCert` is `true`, the default is MD5 hash value
- generated from command-line. Otherwise, the default is not provided.
+ generated from command-line. (In FIPS mode a truncated SHA1 hash is
+ used instead.) Otherwise, the default is not provided.
- `secureProtocol`: The SSL method to use, e.g. `SSLv3_method` to force
SSL version 3. The possible values depend on your installation of
const tls_wrap = process.binding('tls_wrap');
const TCP = process.binding('tcp_wrap').TCP;
const Pipe = process.binding('pipe_wrap').Pipe;
+const defaultSessionIdContext = getDefaultSessionIdContext();
+
+function getDefaultSessionIdContext() {
+ var defaultText = process.argv.join(' ');
+ /* SSL_MAX_SID_CTX_LENGTH is 128 bits */
+ if (process.config.variables.openssl_fips) {
+ return crypto.createHash('sha1')
+ .update(defaultText)
+ .digest('hex').slice(0, 32);
+ } else {
+ return crypto.createHash('md5')
+ .update(defaultText)
+ .digest('hex');
+ }
+}
function onhandshakestart() {
debug('onhandshakestart');
if (options.sessionIdContext) {
this.sessionIdContext = options.sessionIdContext;
} else {
- this.sessionIdContext = crypto.createHash('md5')
- .update(process.argv.join(' '))
- .digest('hex');
+ this.sessionIdContext = defaultSessionIdContext;
}
};