tls: fix order of setting cipher before setting cert and key#50186
Uh oh!
There was an error while loading. Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Collaborator
nodejs-github-bot commented Oct 14, 2023
Review requested:
|
nodejs-github-bot added needs-ci 
ContributorAuthor
kumarrishav commented Oct 14, 2023
based on the help and guidance from @bnoordhuis#36655 (comment) |
ContributorAuthor
Issue was found on node 18 but most likely it exists in node > 18 as well |
Member
mcollina commented Oct 15, 2023
Could you add a test for this change? |
ContributorAuthor
kumarrishav commented Oct 15, 2023
@mcollina added the test. It's based on #36655 (comment) |
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: nodejs#36655nodejs#49549 Refs: https://github.com/orgs/nodejs/discussions/49634https://github.com/orgs/nodejs/discussions/46545https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
ContributorAuthor
kumarrishav commented Oct 17, 2023
@richardlau@mcollina@bnoordhuis Let me know if this is okay. I assume we need to backport it to the node 18/20/21 branch as well? |
ContributorAuthor
can we get some eyes on this? kinda blocked on my node.js server application |
jasnell approved these changes Oct 28, 2023
ContributorAuthor
kumarrishav commented Oct 30, 2023
Thanks @jasnell for the approval. I guess I need one more for the merge. |
ContributorAuthor
kumarrishav commented Nov 1, 2023
can we get some attention on this one? Thanks |
ContributorAuthor
kumarrishav commented Nov 7, 2023
Can we get some review here? It’s been 3 weeks. Appreciate your attention on this PR. Node v18 upgrade for all of our https node.js server is currently on hold and waiting for this . thank you |
ShogunPanda approved these changes Nov 11, 2023
This comment was marked as outdated.
This comment was marked as outdated.
18 tasks
Collaborator
nodejs-github-bot commented Nov 12, 2023
24 tasks
ContributorAuthor
kumarrishav commented Nov 13, 2023
We have 2 approvals now. What should be the next step here? and how to land it in v18.x and further and release the same |
Collaborator
nodejs-github-bot commented Nov 13, 2023
richardlau pushed a commit that referenced this pull request Nov 16, 2023
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Member
richardlau commented Nov 16, 2023
Landed in 1e0b75c. |
ContributorAuthor
kumarrishav commented Nov 16, 2023
Thanks @richardlau 🙇 Do i need to do anything here to land it in v18 n v20? Also, when can we expect the release on the v18 version? |
Member
richardlau commented Nov 16, 2023
Not at this time. We'll let you know (usually if the commit fails to cherry-pick to the staging branches cleanly). Our release policy is that changes need to first be released in a current release (e.g. at this point in time a Node.js 21 release) and then be eligible for inclusion in LTS release lines (e.g. 18) two weeks after that. |
targos pushed a commit that referenced this pull request Nov 23, 2023
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
martenrichter pushed a commit to martenrichter/node that referenced this pull request Nov 26, 2023
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: nodejs#36655Fixes: nodejs#49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: nodejs#50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Merged
ContributorAuthor
kumarrishav commented Dec 7, 2023
@targos When should we land this on v18 and v20 branch? |
UlisesGascon pushed a commit that referenced this pull request Dec 11, 2023
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Merged
UlisesGascon pushed a commit that referenced this pull request Dec 19, 2023
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
ContributorAuthor
kumarrishav commented Jan 2, 2024
When can we expect it on v18 branch? |
Member
UlisesGascon commented Jan 9, 2024
Probably is going to take a while as v18 is in maintenance mode and currently there is no release planned (see) also it might require a decision to be made in order to include it. Fore Reference:
|
ContributorAuthor
kumarrishav commented Jan 9, 2024
Ok. But this PR is related to bug fix only. Because of this we are unable to migrate to Node 18 and have to use Node 16. |
codebytere added a commit to electron/electron that referenced this pull request Jan 16, 2024
This can't be enabled owing to BoringSSL incompatibilities. nodejs/node#50186
codebytere added a commit to electron/electron that referenced this pull request Jan 16, 2024
This can't be enabled owing to BoringSSL incompatibilities. nodejs/node#50186
codebytere added a commit to electron/electron that referenced this pull request Jan 18, 2024
This can't be enabled owing to BoringSSL incompatibilities. nodejs/node#50186
jkleinsc pushed a commit to electron/electron that referenced this pull request Jan 18, 2024
This can't be enabled owing to BoringSSL incompatibilities. nodejs/node#50186
codebytere added a commit to electron/electron that referenced this pull request Jan 18, 2024
This can't be enabled owing to BoringSSL incompatibilities. nodejs/node#50186
jkleinsc pushed a commit to electron/electron that referenced this pull request Jan 18, 2024
* chore: bump node in DEPS to v20.11.0 * module: bootstrap module loaders in shadow realm nodejs/node#48655 * src: add commit hash shorthand in zlib version nodejs/node#50158 * v8,tools: expose necessary V8 defines nodejs/node#50820 * esm: do not call getSource when format is commonjs nodejs/node#50465 * esm: fallback to readFileSync when source is nullish nodejs/node#50825 * vm: allow dynamic import with a referrer realm nodejs/node#50360 * test: skip test-diagnostics-channel-memory-leak.js nodejs/node#50327 * esm: do not call getSource when format is commonjs nodejs/node#50465 * lib: fix assert throwing different error messages in ESM and CJS nodejs/node#50634 * src: fix compatility with upcoming V8 12.1 APIs nodejs/node#50709 * deps: update base64 to 0.5.1 nodejs/node#50629 * src: avoid silent coercion to signed/unsigned int nodejs/node#50663 * src: fix compatility with upcoming V8 12.1 APIs nodejs/node#50709 * chore: fix patch indices * chore: update patches * test: disable TLS cipher test This can't be enabled owing to BoringSSL incompatibilities. nodejs/node#50186 * fix: check for Buffer and global definition in shadow realm nodejs/node#51239 * test: disable parallel/test-shadow-realm-custom-loader Incompatible with our asar logic, resulting in the following failure: > Failed to CompileAndCall electron script: electron/js2c/asar_bundle * chore: remove deleted parallel/test-crypto-modp1-error test * test: make test-node-output-v8-warning generic nodejs/node#50421 * chore: fixup ModuleWrap patch * test: match wpt/streams/transferable/transform-stream-members.any.js to upstream * fix: sandbox is not enabled on arm * chore: disable v8 sandbox on ia32/arm --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Shelley Vohr <[email protected]> Co-authored-by: Cheng Zhao <[email protected]>
richardlau added backported-to-v20.x richardlau pushed a commit that referenced this pull request Mar 19, 2024
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Merged
jimsynz pushed a commit to jimsynz/cinder-space that referenced this pull request Mar 28, 2024
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `18.19.1` -> `18.20.0` | --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v18.20.0`](https://github.com/nodejs/node/releases/tag/v18.20.0): 2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @​richardlau [Compare Source](nodejs/node@v18.19.1...v18.20.0) ##### Notable Changes ##### Added support for import attributes Support has been added for import attributes, to replace the old import assertions syntax. This will aid migration by making the new syntax available across all currently supported Node.js release lines. This adds the `with` keyword which should be used in place of the previous `assert` keyword, which will be removed in a future semver-major Node.js release. For example, ```console import "foo" assert{... } ``` should be replaced with ```console import "foo" with{... } ``` For more details, see - [#​50134](nodejs/node#50134) - [#​51622](nodejs/node#51622) Contributed by Nicolò Ribaudo in [#​51136](nodejs/node#51136) and Antoine du Hamel in [#​50140](nodejs/node#50140). ##### Doc deprecation for `dirent.path` Please use newly added `dirent.parentPath` instead. Contributed by Antoine du Hamel in [#​50976](nodejs/node#50976) and [#​51020](nodejs/node#51020). ##### Experimental node-api feature flags Introduces an experimental feature to segregate finalizers that affect GC state. A new type called `node_api_nogc_env` has been introduced as the const version of `napi_env` and `node_api_nogc_finalize` as a variant of `napi_finalize` that accepts a `node_api_nogc_env` as its first argument. This feature can be turned off by defining `NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT`. Contributed by Gabriel Schulhof in [#​50060](nodejs/node#50060). ##### Root certificates updated to NSS 3.98 Certificates added: - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 Certificates removed: - Security Communication Root CA ##### Updated dependencies - ada updated to 2.7.6. - base64 updated to 0.5.2. - c-ares updated to 1.27.0. - corepack updated to 0.25.2. - ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1. - npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes. - simdutf8 updated to 4.0.8. - Timezone updated to 2024a. - zlib updated to 1.3.0.1-motley-40e35a7. ##### vm: fix V8 compilation cache support for vm.Script Previously repeated compilation of the same source code using `vm.Script` stopped hitting the V8 compilation cache after v16.x when support for `importModuleDynamically` was added to `vm.Script`, resulting in a performance regression that blocked users (in particular Jest users) from upgrading from v16.x. The recent fixes allow the compilation cache to be hit again for `vm.Script` when `--experimental-vm-modules` is not used even in the presence of the `importModuleDynamically` option, so that users affected by the performance regression can now upgrade. Ongoing work is also being done to enable compilation cache support for `vm.CompileFunction`. Contributed by Joyee Cheung in [#​49950](nodejs/node#49950) and [#​50137](nodejs/node#50137). ##### Commits - \[[`c70383b8d4`](nodejs/node@c70383b8d4)] - **build**: support Python 3.12 (Shi Pujin) [#​50209](nodejs/node#50209) - \[[`4b960c3a4a`](nodejs/node@4b960c3a4a)] - **build**: fix incorrect g++ warning message (Richard Lau) [#​51695](nodejs/node#51695) - \[[`8fdea67694`](nodejs/node@8fdea67694)] - **crypto**: update root certificates to NSS 3.98 (Node.js GitHub Bot) [#​51794](nodejs/node#51794) - \[[`812b126dd9`](nodejs/node@812b126dd9)] - **deps**: V8: cherry-pick [`d90d453`](nodejs/node@d90d4533b053) (Michaël Zasso) [#​50077](nodejs/node#50077) - \[[`9ab8c3db87`](nodejs/node@9ab8c3db87)] - **deps**: update c-ares to 1.27.0 (Node.js GitHub Bot) [#​51846](nodejs/node#51846) - \[[`c688680387`](nodejs/node@c688680387)] - **deps**: update c-ares to 1.26.0 (Node.js GitHub Bot) [#​51582](nodejs/node#51582) - \[[`9498ac8a47`](nodejs/node@9498ac8a47)] - **deps**: compile c-ares with C11 support (Michaël Zasso) [#​51410](nodejs/node#51410) - \[[`8fb743642f`](nodejs/node@8fb743642f)] - **deps**: update c-ares to 1.25.0 (Node.js GitHub Bot) [#​51385](nodejs/node#51385) - \[[`7bea2d7c12`](nodejs/node@7bea2d7c12)] - **deps**: update zlib to 1.3.0.1-motley-40e35a7 (Node.js GitHub Bot) [#​51274](nodejs/node#51274) - \[[`57a38c8f75`](nodejs/node@57a38c8f75)] - **deps**: update zlib to 1.3.0.1-motley-dd5fc13 (Node.js GitHub Bot) [#​51105](nodejs/node#51105) - \[[`b0ca084a6b`](nodejs/node@b0ca084a6b)] - **deps**: update zlib to 1.3-22124f5 (Node.js GitHub Bot) [#​50910](nodejs/node#50910) - \[[`4b43823f37`](nodejs/node@4b43823f37)] - **deps**: update zlib to 1.2.13.1-motley-5daffc7 (Node.js GitHub Bot) [#​50803](nodejs/node#50803) - \[[`f0da591812`](nodejs/node@f0da591812)] - **deps**: update zlib to 1.2.13.1-motley-dfc48fc (Node.js GitHub Bot) [#​50456](nodejs/node#50456) - \[[`16d28a883a`](nodejs/node@16d28a883a)] - **deps**: update base64 to 0.5.2 (Node.js GitHub Bot) [#​51455](nodejs/node#51455) - \[[`13a9e81cb6`](nodejs/node@13a9e81cb6)] - **deps**: update base64 to 0.5.1 (Node.js GitHub Bot) [#​50629](nodejs/node#50629) - \[[`b4502d3ac5`](nodejs/node@b4502d3ac5)] - **deps**: update simdutf to 4.0.8 (Node.js GitHub Bot) [#​51000](nodejs/node#51000) - \[[`183cf8a74a`](nodejs/node@183cf8a74a)] - **deps**: update simdutf to 4.0.4 (Node.js GitHub Bot) [#​50772](nodejs/node#50772) - \[[`11ba8593ea`](nodejs/node@11ba8593ea)] - **deps**: update ada to 2.7.6 (Node.js GitHub Bot) [#​51542](nodejs/node#51542) - \[[`73a946d55c`](nodejs/node@73a946d55c)] - **deps**: update ada to 2.7.5 (Node.js GitHub Bot) [#​51542](nodejs/node#51542) - \[[`cc434c1a39`](nodejs/node@cc434c1a39)] - **deps**: update ada to 2.7.4 (Node.js GitHub Bot) [#​50815](nodejs/node#50815) - \[[`3a3808a6ae`](nodejs/node@3a3808a6ae)] - **deps**: upgrade npm to 10.5.0 (npm team) [#​51913](nodejs/node#51913) - \[[`c8876d765c`](nodejs/node@c8876d765c)] - **deps**: upgrade npm to 10.3.0 (npm team) [#​51431](nodejs/node#51431) - \[[`5aec3af460`](nodejs/node@5aec3af460)] - **deps**: update corepack to 0.25.2 (Node.js GitHub Bot) [#​51810](nodejs/node#51810) - \[[`a593985326`](nodejs/node@a593985326)] - **deps**: update corepack to 0.24.1 (Node.js GitHub Bot) [#​51459](nodejs/node#51459) - \[[`d1a9237bf5`](nodejs/node@d1a9237bf5)] - **deps**: update corepack to 0.24.0 (Node.js GitHub Bot) [#​51318](nodejs/node#51318) - \[[`adac0c7a63`](nodejs/node@adac0c7a63)] - **deps**: update corepack to 0.23.0 (Node.js GitHub Bot) [#​50563](nodejs/node#50563) - \[[`4a6f83e32a`](nodejs/node@4a6f83e32a)] - **deps**: escape Python strings correctly (Michaël Zasso) [#​50695](nodejs/node#50695) - \[[`c13969e52a`](nodejs/node@c13969e52a)] - **deps**: V8: cherry-pick [`ea996ad`](nodejs/node@ea996ad04a68) (Nicolò Ribaudo) [#​51136](nodejs/node#51136) - \[[`6fbf0ba5c3`](nodejs/node@6fbf0ba5c3)] - **deps**: V8: cherry-pick [`a0fd320`](nodejs/node@a0fd3209dda8) (Nicolò Ribaudo) [#​51136](nodejs/node#51136) - \[[`68fd7516e1`](nodejs/node@68fd7516e1)] - **deps**: update timezone to 2024a (Michaël Zasso) [#​51723](nodejs/node#51723) - \[[`f9b229ebe1`](nodejs/node@f9b229ebe1)] - **deps**: update icu to 74.2 (Michaël Zasso) [#​51723](nodejs/node#51723) - \[[`90c73d2eb4`](nodejs/node@90c73d2eb4)] - **deps**: update timezone to 2023d (Node.js GitHub Bot) [#​51461](nodejs/node#51461) - \[[`2a2bf57028`](nodejs/node@2a2bf57028)] - **deps**: update icu to 74.1 (Node.js GitHub Bot) [#​50515](nodejs/node#50515) - \[[`425e011e52`](nodejs/node@425e011e52)] - **deps**: add v8::Object::SetInternalFieldForNodeCore() (Joyee Cheung) [#​49874](nodejs/node#49874) - \[[`58c70344a2`](nodejs/node@58c70344a2)] - **deps**: V8: cherry-pick [`705e374`](nodejs/node@705e374124ae) (Joyee Cheung) [#​51004](nodejs/node#51004) - \[[`b0e88899e1`](nodejs/node@b0e88899e1)] - **deps**: V8: cherry-pick [`1fada6b`](nodejs/node@1fada6b36f8d) (Joyee Cheung) [#​51004](nodejs/node#51004) - \[[`d87a810b81`](nodejs/node@d87a810b81)] - **deps**: V8: cherry-pick [`3dd9576`](nodejs/node@3dd9576ce336) (Joyee Cheung) [#​51004](nodejs/node#51004) - \[[`6d50966876`](nodejs/node@6d50966876)] - **deps**: V8: cherry-pick [`94e8282`](nodejs/node@94e8282325a1) (Joyee Cheung) [#​51004](nodejs/node#51004) - \[[`fafbacdfec`](nodejs/node@fafbacdfec)] - **deps**: V8: cherry-pick [`9a98f96`](nodejs/node@9a98f96b6d68) (Joyee Cheung) [#​51004](nodejs/node#51004) - \[[`d4a530ed8d`](nodejs/node@d4a530ed8d)] - **deps**: V8: cherry-pick [`7f5daed`](nodejs/node@7f5daed62d47) (Joyee Cheung) [#​51004](nodejs/node#51004) - \[[`1ce901b164`](nodejs/node@1ce901b164)] - **deps**: V8: cherry-pick [`c400af4`](nodejs/node@c400af48b5ef) (Joyee Cheung) [#​51004](nodejs/node#51004) - \[[`f232064f35`](nodejs/node@f232064f35)] - **doc**: fix historical experimental fetch flag (Kenrick) [#​51506](nodejs/node#51506) - \[[`194ff6a40f`](nodejs/node@194ff6a40f)] - **(SEMVER-MINOR)** **doc**: add deprecation notice to `dirent.path` (Antoine du Hamel) [#​50976](nodejs/node#50976) - \[[`0f09267dc6`](nodejs/node@0f09267dc6)] - **(SEMVER-MINOR)** **doc**: deprecate `dirent.path` (Antoine du Hamel) [#​50976](nodejs/node#50976) - \[[`8bfb8f5b2f`](nodejs/node@8bfb8f5b2f)] - **doc,crypto**: further clarify RSA_PKCS1\_PADDING support (Tobias Nießen) [#​51799](nodejs/node#51799) - \[[`c7baf7b274`](nodejs/node@c7baf7b274)] - **doc,crypto**: add changelog and note about disabled RSA_PKCS1\_PADDING (Filip Skokan) [#​51782](nodejs/node#51782) - \[[`a193be3dc2`](nodejs/node@a193be3dc2)] - **esm**: use import attributes instead of import assertions (Antoine du Hamel) [#​50140](nodejs/node#50140) - \[[`26e8f7793e`](nodejs/node@26e8f7793e)] - **(SEMVER-MINOR)** **fs**: introduce `dirent.parentPath` (Antoine du Hamel) [#​50976](nodejs/node#50976) - \[[`5b5e5192f7`](nodejs/node@5b5e5192f7)] - **lib**: fix compileFunction throws range error for negative numbers (Jithil P Ponnan) [#​49855](nodejs/node#49855) - \[[`7552de6806`](nodejs/node@7552de6806)] - **module**: fix the leak in SourceTextModule and ContextifySript (Joyee Cheung) [#​48510](nodejs/node#48510) - \[[`2e05cf1c60`](nodejs/node@2e05cf1c60)] - **module**: fix leak of vm.SyntheticModule (Joyee Cheung) [#​48510](nodejs/node#48510) - \[[`a86a2e14a3`](nodejs/node@a86a2e14a3)] - **module**: use symbol in WeakMap to manage host defined options (Joyee Cheung) [#​48510](nodejs/node#48510) - \[[`32906ddcac`](nodejs/node@32906ddcac)] - **node-api**: segregate nogc APIs from rest via type system (Gabriel Schulhof) [#​50060](nodejs/node#50060) - \[[`1aa71c26ff`](nodejs/node@1aa71c26ff)] - **node-api**: factor out common code into macros (Gabriel Schulhof) [#​50664](nodejs/node#50664) - \[[`3d0b233f52`](nodejs/node@3d0b233f52)] - **node-api**: introduce experimental feature flags (Gabriel Schulhof) [#​50991](nodejs/node#50991) - \[[`96514a8b9f`](nodejs/node@96514a8b9f)] - **src**: iterate on import attributes array correctly (Michaël Zasso) [#​50703](nodejs/node#50703) - \[[`2c2892bf88`](nodejs/node@2c2892bf88)] - **src**: set ModuleWrap internal fields only once (Joyee Cheung) [#​49391](nodejs/node#49391) - \[[`ff334cb774`](nodejs/node@ff334cb774)] - **src**: cast v8::Object::GetInternalField() return value to v8::Value (Joyee Cheung) [#​48943](nodejs/node#48943) - \[[`270b519971`](nodejs/node@270b519971)] - **stream**: do not defer construction by one microtick (Matteo Collina) [#​52005](nodejs/node#52005) - \[[`95d7a75084`](nodejs/node@95d7a75084)] - **test**: fix dns test case failures after c-ares update to 1.21.0+ (Brad House) [#​50743](nodejs/node#50743) - \[[`cd613e5167`](nodejs/node@cd613e5167)] - **test**: handle relative https redirect (Richard Lau) [#​51121](nodejs/node#51121) - \[[`40f10eafcf`](nodejs/node@40f10eafcf)] - **test**: fix `internet/test-inspector-help-page` (Richard Lau) [#​51693](nodejs/node#51693) - \[[`5e426511b1`](nodejs/node@5e426511b1)] - **test**: deflake test-vm-contextified-script-leak (Joyee Cheung) [#​49710](nodejs/node#49710) - \[[`0b156c6d28`](nodejs/node@0b156c6d28)] - **test**: use checkIfCollectable in vm leak tests (Joyee Cheung) [#​49671](nodejs/node#49671) - \[[`1586c11b3c`](nodejs/node@1586c11b3c)] - **test**: add checkIfCollectable to test/common/gc.js (Joyee Cheung) [#​49671](nodejs/node#49671) - \[[`902d8b3d4b`](nodejs/node@902d8b3d4b)] - **test**: fix flaky http-chunk-extensions-limit test (Ethan Arrowood) [#​51943](nodejs/node#51943) - \[[`1743d2bdc1`](nodejs/node@1743d2bdc1)] - **test**: test surrogate pair filenames on windows (Mert Can Altın) [#​51800](nodejs/node#51800) - \[[`1c1a7ec22d`](nodejs/node@1c1a7ec22d)] - **test**: increase platform timeout zlib-brotli-16gb (Rafael Gonzaga) [#​51792](nodejs/node#51792) - \[[`931d02fe3e`](nodejs/node@931d02fe3e)] - **test, v8**: fix wrong import attributes test (Nicolò Ribaudo) [#​52184](nodejs/node#52184) - \[[`d9ea6c1f8d`](nodejs/node@d9ea6c1f8d)] - **tls**: fix order of setting cipher before setting cert and key (Kumar Rishav) [#​50186](nodejs/node#50186) - \[[`3184befa2e`](nodejs/node@3184befa2e)] - **tools**: fix update-icu.sh (Michaël Zasso) [#​51723](nodejs/node#51723) - \[[`06646e11be`](nodejs/node@06646e11be)] - **(SEMVER-MINOR)** **vm**: use import attributes instead of import assertions (Antoine du Hamel) [#​50141](nodejs/node#50141) - \[[`fe66e9d06e`](nodejs/node@fe66e9d06e)] - **vm**: reject in importModuleDynamically without --experimental-vm-modules (Joyee Cheung) [#​50137](nodejs/node#50137) - \[[`052e095c6b`](nodejs/node@052e095c6b)] - **vm**: use internal versions of compileFunction and Script (Joyee Cheung) [#​50137](nodejs/node#50137) - \[[`9f7899ed0a`](nodejs/node@9f7899ed0a)] - **vm**: unify host-defined option generation in vm.compileFunction (Joyee Cheung) [#​50137](nodejs/node#50137) - \[[`6291c107d0`](nodejs/node@6291c107d0)] - **vm**: use default HDO when importModuleDynamically is not set (Joyee Cheung) [#​49950](nodejs/node#49950) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIwLjAuMC1zZW1hbnRpYy1yZWxlYXNlIiwidXBkYXRlZEluVmVyIjoiMC4wLjAtc2VtYW50aWMtcmVsZWFzZSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Reviewed-on: https://harton.dev/cinder/cinder-space/pulls/25 Co-authored-by: Renovate Bot <[email protected]> Co-committed-by: Renovate Bot <[email protected]>
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Set the cipher list and cipher suite before anything.
Because @SECLEVEL= changes the security level and that affects subsequent operations.
Reducing SECLEVEL to 0 in ciphers retains compatibility with previous versions of OpenSSL like using a small key as ciphers are getting set before the cert and key get loaded.
Fixes: #36655
Fixes: #49549
Refs: https://github.com/orgs/nodejs/discussions/49634https://github.com/orgs/nodejs/discussions/46545