
node.js - node js tls1.2 and authentication

Question:

Is there any sample code out there for an https server using an SSLCertificateFile and SSLCertificateKeyFile to authenticate with TLS 1.2?

Any pointers to relevant samples would be highly appreciated.

SSL Labs states it is vulnerable to DoS because it supports client-initiated renegotiation

and I can't get fusker's to create an SSL server

var https = require('https');
var fs = require('fs');
var fusker = require('fusker');

//var server = fusker.https.createServer(443);
//var io = fusker.socket.listen(server);

var options = {
    key: fs.readFileSync('/etc/ssl/server.key'),
    cert: fs.readFileSync('/etc/ssl/mathpdq.crt'),
    ciphers: 'RC4-SHA:RC4:ECDHE-RSA-AES256-SHA:AES256-SHA:HIGH:!MD5:!aNULL:!EDH:!AESGCM',
    honorCipherOrder: true
};

https.createServer(options, function (req, res) {
    res.writeHead(200);
    res.end("hello world\n");
}).listen(443);

User answer:

Creating an https listener is easy but it's not clear whether you have specific issues creating one with TLS 1.2. Recent node builds against a new enough version of OpenSSL to pick up their 1.2 support.

Then you need both the ciphers and honorCipherOrder options as described here: http://nodejs.org/api/tls.html

e.g.

var https = require('https');
var fs = require('fs');

var options = {
    key: fs.readFileSync('my.key'),
    cert: fs.readFileSync('my.crt'),
    ciphers: 'ECDHE-RSA-AES256-SHA:AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM',
    honorCipherOrder: true
};

var server = https.createServer(options, function (req, res) {
    // ... request handler goes here
});

server.listen(443);
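
An added example, not part of the original question or answer: a small Node.js audit of the cipher configuration posted above, plus a replacement options object with a TLS 1.2 floor and a lower client-renegotiation limit. The function names, the AES-GCM cipher choice and the renegotiation limit of 1 are assumptions of this example.

```javascript
// Added example (not from the original thread). Uses only Node's built-in tls module.
const tls = require('tls');

// Keywords that mark weak or obsolete suites in an OpenSSL cipher list.
// RC4 is prohibited in TLS by RFC 7465.
const WEAK = /RC4|MD5|DES|NULL|EXP/i;

// Walk an OpenSSL cipher string; report weak enabled tokens and a removed AES-GCM set.
function auditCiphers(cipherString) {
  const findings = [];
  for (const token of String(cipherString || '').split(/[:, ]+/).filter(Boolean)) {
    const removed = token[0] === '!' || token[0] === '-';
    const name = token.replace(/^[!+-]/, '');
    if (!removed && WEAK.test(name)) findings.push('weak cipher enabled: ' + name);
    // AES-GCM suites exist only in TLS 1.2 and later, so excluding them drops the AEAD suites.
    if (removed && /^AESGCM$/i.test(name)) findings.push('AESGCM excluded: no TLS 1.2 AEAD suites');
  }
  return findings;
}

// Audit a whole https/tls options object.
function auditOptions(options) {
  const findings = auditCiphers(options.ciphers);
  if (!['TLSv1.2', 'TLSv1.3'].includes(options.minVersion))
    findings.push('minVersion is not TLSv1.2 or TLSv1.3');
  if (options.honorCipherOrder !== true) findings.push('honorCipherOrder is not enabled');
  return findings;
}

// Options with a TLS 1.2 floor and ECDHE + AES-GCM suites only (cipher choice is this example's).
function hardenedOptions(key, cert) {
  // Documented Node knobs: client renegotiations allowed (default 3) per window in seconds
  // (default 600). TLS 1.3 has no renegotiation, so this matters for TLS 1.2 connections.
  tls.CLIENT_RENEG_LIMIT = 1;
  tls.CLIENT_RENEG_WINDOW = 600;
  return {
    key, cert,
    minVersion: 'TLSv1.2',
    ciphers: ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384',
              'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256'].join(':'),
    honorCipherOrder: true
  };
}

// The options posted in the question, without key/cert, so this runs offline.
const QUESTION_OPTIONS = {
  ciphers: 'RC4-SHA:RC4:ECDHE-RSA-AES256-SHA:AES256-SHA:HIGH:!MD5:!aNULL:!EDH:!AESGCM',
  honorCipherOrder: true
};
console.log(auditOptions(QUESTION_OPTIONS));
```

Pass the result of hardenedOptions, called with the key and certificate read as in the question, to https.createServer in place of the original options object.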