Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 5755fc0

Browse filesBrowse files
Mike MacCanasilverwind
Mike MacCana
authored and
silverwind
committed
tls: update default ciphers to use gcm and aes128
AES-GCM or CHACHA20_POLY1305 ciphers must be used in current version of Chrome to avoid an 'obsolete cryptography' warning. Prefer 128 bit AES over 192 and 256 bit AES considering attacks that specifically affect the larger key sizes but do not affect AES 128. PR-URL: #1660 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> Reviewed-By: Roman Reiss <me@silverwind.io>
1 parent 18d457b commit 5755fc0
Copy full SHA for 5755fc0

File tree

Expand file treeCollapse file tree

2 files changed

+40
-10
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

2 files changed

+40
-10
lines changed
Open diff view settings
Collapse file

‎doc/api/tls.markdown‎

Copy file name to clipboardExpand all lines: doc/api/tls.markdown
+33-8Lines changed: 33 additions & 8 deletions
  • Display the source diff
  • Display the rich diff
Original file line numberDiff line numberDiff line change
@@ -141,14 +141,37 @@ automatically set as a listener for the [secureConnection][] event. The
141141
- `ciphers`: A string describing the ciphers to use or exclude, seperated by
142142
`:`. The default cipher suite is:
143143

144-
ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:
145-
DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:
146-
HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA
147-
148-
The default cipher suite prefers ECDHE and DHE ciphers for Perfect Forward
149-
secrecy, while offering *some* backward compatibiltity. Old clients which
150-
rely on insecure and deprecated RC4 or DES-based ciphers (like Internet
151-
Explorer 6) aren't able to complete the handshake with the default
144+
ECDHE-RSA-AES128-GCM-SHA256:
145+
ECDHE-ECDSA-AES128-GCM-SHA256:
146+
ECDHE-RSA-AES256-GCM-SHA384:
147+
ECDHE-ECDSA-AES256-GCM-SHA384:
148+
DHE-RSA-AES128-GCM-SHA256:
149+
ECDHE-RSA-AES128-SHA256:
150+
DHE-RSA-AES128-SHA256:
151+
ECDHE-RSA-AES256-SHA384:
152+
DHE-RSA-AES256-SHA384:
153+
ECDHE-RSA-AES256-SHA256:
154+
DHE-RSA-AES256-SHA256:
155+
HIGH:
156+
!aNULL:
157+
!eNULL:
158+
!EXPORT:
159+
!DES:
160+
!RC4:
161+
!MD5:
162+
!PSK:
163+
!SRP:
164+
!CAMELLIA
165+
166+
The default cipher suite prefers GCM ciphers for [Chrome's 'modern
167+
cryptography' setting] and also prefers ECDHE and DHE ciphers for Perfect
168+
Forward secrecy, while offering *some* backward compatibiltity.
169+
170+
128 bit AES is preferred over 192 and 256 bit AES in light of [specific
171+
attacks affecting larger AES key sizes].
172+
173+
Old clients that rely on insecure and deprecated RC4 or DES-based ciphers
174+
(like Internet Explorer 6) aren't able to complete the handshake with the default
152175
configuration. If you absolutely must support these clients, the
153176
[TLS recommendations] may offer a compatible cipher suite. For more details
154177
on the format, see the [OpenSSL cipher list format documentation].
@@ -784,6 +807,8 @@ The string representation of the local IP address.
784807
The numeric representation of the local port.
785808

786809
[OpenSSL cipher list format documentation]: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
810+
[Chrome's 'modern cryptography' setting]: http://www.chromium.org/Home/chromium-security/education/tls#TOC-Deprecation-of-TLS-Features-Algorithms-in-Chrome
811+
[specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
787812
[BEAST attacks]: http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
788813
[tls.createServer]: #tls_tls_createserver_options_secureconnectionlistener
789814
[tls.createSecurePair]: #tls_tls_createsecurepair_context_isserver_requestcert_rejectunauthorized
Collapse file

‎lib/tls.js‎

Copy file name to clipboardExpand all lines: lib/tls.js
+7-2Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,12 +15,17 @@ exports.CLIENT_RENEG_WINDOW = 600;
1515
exports.SLAB_BUFFER_SIZE = 10 * 1024 * 1024;
1616

1717
exports.DEFAULT_CIPHERS = [
18+
'ECDHE-RSA-AES128-GCM-SHA256',
19+
'ECDHE-ECDSA-AES128-GCM-SHA256',
20+
'ECDHE-RSA-AES256-GCM-SHA384',
21+
'ECDHE-ECDSA-AES256-GCM-SHA384',
22+
'DHE-RSA-AES128-GCM-SHA256',
23+
'ECDHE-RSA-AES128-SHA256',
24+
'DHE-RSA-AES128-SHA256',
1825
'ECDHE-RSA-AES256-SHA384',
1926
'DHE-RSA-AES256-SHA384',
2027
'ECDHE-RSA-AES256-SHA256',
2128
'DHE-RSA-AES256-SHA256',
22-
'ECDHE-RSA-AES128-SHA256',
23-
'DHE-RSA-AES128-SHA256',
2429
'HIGH',
2530
'!aNULL',
2631
'!eNULL',

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.