Add `honorCipherOrder` argument to `crypto.createCredentials`.
fix #7249
Consult
<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT>
for details on the format.
+* `honorCipherOrder` : When choosing a cipher, use the server's preferences
+ instead of the client preferences. For further details see `tls` module
+ documentation.
If no 'ca' details are given, then node.js will use the default
publicly trusted list of CAs as given in
Add secure context that will be used if client request's SNI hostname is
matching passed `hostname` (wildcards can be used). `context` can contain
-`key`, `cert` and `ca`.
+`key`, `cert`, `ca` and/or any other properties from `tls.createSecureContext`
+`options` argument.
### server.maxConnections
// USE OR OTHER DEALINGS IN THE SOFTWARE.
var util = require('util');
+var constants = require('constants');
var tls = require('tls');
// Lazily loaded
exports.createSecureContext = function createSecureContext(options, context) {
if (!options) options = {};
- var c = new SecureContext(options.secureProtocol,
- options.secureOptions,
- context);
+ var secureOptions = options.secureOptions;
+ if (options.honorCipherOrder)
+ secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
+
+ var c = new SecureContext(options.secureProtocol, secureOptions, context);
if (context) return c;
ecdhCurve: self.ecdhCurve,
secureProtocol: self.secureProtocol,
secureOptions: self.secureOptions,
+ honorCipherOrder: self.honorCipherOrder,
crl: self.crl,
sessionIdContext: self.sessionIdContext
});
if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout;
if (options.ticketKeys) this.ticketKeys = options.ticketKeys;
var secureOptions = options.secureOptions || 0;
- if (options.honorCipherOrder) {
- secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
- }
+ if (options.honorCipherOrder)
+ this.honorCipherOrder = true;
+ else
+ this.honorCipherOrder = false;
if (secureOptions) this.secureOptions = secureOptions;
if (options.NPNProtocols) tls.convertNPNProtocols(options.NPNProtocols, this);
if (options.sessionIdContext) {