diff --git a/doc/api/crypto.md b/doc/api/crypto.md index b804b9bb4be909..4df9601bf47bef 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -3160,6 +3160,11 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. + + SSL_OP_ALLOW_NO_DHE_KEX + Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode + for TLS v1.3 + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION Allows legacy insecure renegotiation between OpenSSL and unpatched @@ -3232,10 +3237,18 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. SSL_OP_NO_COMPRESSION Instructs OpenSSL to disable support for SSL/TLS compression. + + SSL_OP_NO_ENCRYPT_THEN_MAC + Instructs OpenSSL to disable encrypt-then-MAC. + SSL_OP_NO_QUERY_MTU + + SSL_OP_NO_RENEGOTIATION + Instructs OpenSSL to disable renegotiation. + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION Instructs OpenSSL to always start a new session when performing @@ -3264,6 +3277,10 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. SSL_OP_NO_TLSv1_2 Instructs OpenSSL to turn off TLS v1.2 + + + SSL_OP_NO_TLSv1_3 + Instructs OpenSSL to turn off TLS v1.3 SSL_OP_PKCS1_CHECK_1 @@ -3272,6 +3289,14 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. SSL_OP_PKCS1_CHECK_2 + + SSL_OP_PRIORITIZE_CHACHA + Instructs OpenSSL server to prioritize ChaCha20Poly1305 + when client does. + This option has no effect if + SSL_OP_CIPHER_SERVER_PREFERENCE + is not enabled. + SSL_OP_SINGLE_DH_USE Instructs OpenSSL to always create a new key when using diff --git a/src/node_constants.cc b/src/node_constants.cc index 5d99fa181a0472..38c8f2738b4bad 100644 --- a/src/node_constants.cc +++ b/src/node_constants.cc 
@@ -806,6 +806,10 @@ void DefineCryptoConstants(Local target) {
 NODE_DEFINE_CONSTANT(target, SSL_OP_ALL);
 #endif
 
+#ifdef SSL_OP_ALLOW_NO_DHE_KEX
+ NODE_DEFINE_CONSTANT(target, SSL_OP_ALLOW_NO_DHE_KEX);
+#endif
+
 #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
 NODE_DEFINE_CONSTANT(target, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
 #endif
@@ -870,10 +874,18 @@ void DefineCryptoConstants(Local target) {
 NODE_DEFINE_CONSTANT(target, SSL_OP_NO_COMPRESSION);
 #endif
 
+#ifdef SSL_OP_NO_ENCRYPT_THEN_MAC
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NO_ENCRYPT_THEN_MAC);
+#endif
+
 #ifdef SSL_OP_NO_QUERY_MTU
 NODE_DEFINE_CONSTANT(target, SSL_OP_NO_QUERY_MTU);
 #endif
 
+#ifdef SSL_OP_NO_RENEGOTIATION
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NO_RENEGOTIATION);
+#endif
+
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
 NODE_DEFINE_CONSTANT(target, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 #endif
@@ -902,6 +914,10 @@ void DefineCryptoConstants(Local target) {
 NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_2);
 #endif
 
+#ifdef SSL_OP_NO_TLSv1_3
+ NODE_DEFINE_CONSTANT(target, SSL_OP_NO_TLSv1_3);
+#endif
+
 #ifdef SSL_OP_PKCS1_CHECK_1
 NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_1);
 #endif
@@ -910,6 +926,10 @@ void DefineCryptoConstants(Local target) {
 NODE_DEFINE_CONSTANT(target, SSL_OP_PKCS1_CHECK_2);
 #endif
 
+#ifdef SSL_OP_PRIORITIZE_CHACHA
+ NODE_DEFINE_CONSTANT(target, SSL_OP_PRIORITIZE_CHACHA);
+#endif
+
 #ifdef SSL_OP_SINGLE_DH_USE
 NODE_DEFINE_CONSTANT(target, SSL_OP_SINGLE_DH_USE);
 #endif
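Review bot: Each new constant is exported only inside its `#ifdef`, so on a build whose OpenSSL headers lack the macro the property is simply absent from the constants object; this holds for the guards in all four hunks (`SSL_OP_ALLOW_NO_DHE_KEX`, `SSL_OP_NO_ENCRYPT_THEN_MAC`, `SSL_OP_NO_RENEGOTIATION`, `SSL_OP_NO_TLSv1_3`, `SSL_OP_PRIORITIZE_CHACHA`). For the hardening flags that absence fails open: JavaScript that ORs a missing constant into `secureOptions` evaluates `undefined | x` to `x`, so a flag such as `SSL_OP_NO_RENEGOTIATION` would presumably be dropped without any error. The pattern matches the surrounding definitions, so I would keep the code and add a comment above the first new guard, e.g. `// Only exported when the OpenSSL headers define it; JS callers must check for undefined before OR-ing.` A test asserting that these constants are numbers on the OpenSSL version the build targets would catch a silent regression. `DefineCryptoConstants` starts and ends outside these hunks.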