From dec8a21cc837c40013d8a1266a92783d8d638a34 Mon Sep 17 00:00:00 2001
From: Anna Henningsen
Date: Fri, 10 Apr 2020 13:04:10 +0200
Subject: [PATCH] tls: provide default cipher list from command line
Avoid storing data that depends on command line options on internal bindings. This is generally a cleaner way of accessing CLI options.
PR-URL: https://github.com/nodejs/node/pull/32760
Reviewed-By: Richard Lau
Reviewed-By: Colin Ihrig
Reviewed-By: James M Snell
Reviewed-By: David Carlier
---
 lib/crypto.js | 5 +++++
 lib/tls.js | 3 +--
 src/node_constants.cc | 6 ------
 test/parallel/test-tls-cipher-list.js | 10 ++++++----
 4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/lib/crypto.js b/lib/crypto.js
index cec0b2c094fa70..5e45a1cd987260 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -25,6 +25,7 @@
 'use strict';
 const {
+ ObjectDefineProperty,
 ObjectDefineProperties,
 } = primordials;
@@ -224,6 +225,10 @@ function getFipsForced() {
 return 1;
 }
+ObjectDefineProperty(constants, 'defaultCipherList', {
+ value: getOptionValue('--tls-cipher-list')
+});
+
 ObjectDefineProperties(module.exports, {
 createCipher: {
 enumerable: false,
diff --git a/lib/tls.js b/lib/tls.js
index 281de073c49574..2ccbe409c96c2d 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -56,8 +56,7 @@ const _tls_wrap = require('_tls_wrap');
 exports.CLIENT_RENEG_LIMIT = 3;
 exports.CLIENT_RENEG_WINDOW = 600;
-exports.DEFAULT_CIPHERS =
- internalBinding('constants').crypto.defaultCipherList;
+exports.DEFAULT_CIPHERS = getOptionValue('--tls-cipher-list');
 exports.DEFAULT_ECDH_CURVE = 'auto';
diff --git a/src/node_constants.cc b/src/node_constants.cc
index 68af221b60aa65..5d99fa181a0472 100644
--- a/src/node_constants.cc
+++ b/src/node_constants.cc
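Review bot: The descriptor passed to `ObjectDefineProperty(constants, 'defaultCipherList', …)` in the second lib/crypto.js hunk carries only `value`, so the property is created non-enumerable as well as non-writable and non-configurable. Read-only is what a constant holding the default cipher policy wants. However, if the removed `NODE_DEFINE_STRING_CONSTANT` definition was enumerable (its attributes are not visible in this patch), `defaultCipherList` silently drops out of `Object.keys(crypto.constants)` and out of any code that iterates or serialises the constants. Adding `enumerable: true,` next to `value` would keep the listing behaviour while leaving the value immutable.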
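Review bot: `exports.DEFAULT_CIPHERS` in lib/tls.js stays a plain assignable export, while `crypto.constants.defaultCipherList` is now defined without `writable`. The two start from the same `--tls-cipher-list` read but can diverge as soon as anything assigns to `tls.DEFAULT_CIPHERS`. Because this string is a TLS cipher-suite default, the assignment deserves a comment saying how the two relate, for example `// Startup value of --tls-cipher-list; assignable, unlike crypto.constants.defaultCipherList.`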
@@ -1072,12 +1072,6 @@ void DefineCryptoConstants(Local target) {
 NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_UNCOMPRESSED);
 NODE_DEFINE_CONSTANT(target, POINT_CONVERSION_HYBRID);
-
- NODE_DEFINE_STRING_CONSTANT(
- target,
- "defaultCipherList",
- per_process::cli_options->tls_cipher_list.c_str());
-
 #endif
 }
diff --git a/test/parallel/test-tls-cipher-list.js b/test/parallel/test-tls-cipher-list.js
index ddbe6a33f6409d..b3c34a74bf4ee0 100644
--- a/test/parallel/test-tls-cipher-list.js
+++ b/test/parallel/test-tls-cipher-list.js
@@ -8,11 +8,11 @@ const assert = require('assert');
 const spawn = require('child_process').spawn;
 const defaultCoreList = require('crypto').constants.defaultCoreCipherList;
-function doCheck(arg, check) {
+function doCheck(arg, expression, check) {
 let out = '';
 arg = arg.concat([
 '-pe',
- 'require("crypto").constants.defaultCipherList'
+ expression
 ]);
 spawn(process.execPath, arg, {})
 .on('error', common.mustNotCall())
@@ -24,7 +24,9 @@ function doCheck(arg, check) {
 }
 // Test the default unmodified version
-doCheck([], defaultCoreList);
+doCheck([], 'crypto.constants.defaultCipherList', defaultCoreList);
+doCheck([], 'tls.DEFAULT_CIPHERS', defaultCoreList);
 // Test the command line switch by itself
-doCheck(['--tls-cipher-list=ABC'], 'ABC');
+doCheck(['--tls-cipher-list=ABC'], 'crypto.constants.defaultCipherList', 'ABC');
+doCheck(['--tls-cipher-list=ABC'], 'tls.DEFAULT_CIPHERS', 'ABC');
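Review bot: The four `doCheck` calls in the last hunk pin only the string value of the two properties, so nothing covers the attributes of `crypto.constants.defaultCipherList` now that it is defined from JavaScript instead of by the native constants table. A later edit could make the advertised default cipher list writable without failing this test. Assuming `doCheck` compares the child's trimmed output with `check` (the comparison lies between the two hunks and is not shown), one more line would pin it: `doCheck([], 'Object.getOwnPropertyDescriptor(crypto.constants, "defaultCipherList").writable', 'false');`. The `enumerable` attribute can be pinned the same way once its intended value is settled.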