tls: add --tls-min-v1.2 CLI switch

Switch added in v11.x, add it to master/12.x for consistency and compatibility. See: https://github.com/nodejs/node/pull/26951, commit bf2c283555 PR-URL: https://github.com/nodejs/node/pull/27520 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
2024-11-21 10:59:27 +00:00 · 2019-05-01 11:45:45 -07:00 · 2019-05-01 11:45:45 -07:00 · 3d98051e20
commit 3d98051e20
parent 7467a5d439
6 changed files with 35 additions and 0 deletions
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
@ -586,6 +586,15 @@ added: v12.0.0
 Set default [`tls.DEFAULT_MIN_VERSION`][] to 'TLSv1.1'. Use for compatibility
 with old TLS clients or servers.

+### `--tls-min-v1.2`
+<!-- YAML
+added: REPLACEME
+-->
+
+Set default [`tls.DEFAULT_MIN_VERSION`][] to 'TLSv1.2'. This is the default for
+12.x and later, but the option is supported for compatibility with older Node.js
+versions.
+
 ### `--tls-min-v1.3`
 <!-- YAML
 added: v12.0.0
--- a/doc/node.1
+++ b/doc/node.1
@ -278,6 +278,10 @@ or servers.
 Set default minVersion to 'TLSv1.1'. Use for compatibility with old TLS clients
 or servers.
 .
+.It Fl -tls-min-v1.2
+Set default minVersion to 'TLSv1.2'. This is the default for 12.x and later,
+but the option is supported for compatibility with older Node.js versions.
+.
 .It Fl -tls-min-v1.3
 Set default minVersion to 'TLSv1.3'. Use to disable support for TLSv1.2 in
 favour of TLSv1.3, which is more secure.
--- a/lib/tls.js
+++ b/lib/tls.js
@ -60,6 +60,8 @@ if (getOptionValue('--tls-min-v1.0'))
  exports.DEFAULT_MIN_VERSION = 'TLSv1';
 else if (getOptionValue('--tls-min-v1.1'))
  exports.DEFAULT_MIN_VERSION = 'TLSv1.1';
+else if (getOptionValue('--tls-min-v1.2'))
+  exports.DEFAULT_MIN_VERSION = 'TLSv1.2';
 else if (getOptionValue('--tls-min-v1.3'))
  exports.DEFAULT_MIN_VERSION = 'TLSv1.3';
 else
--- a/src/node_options.cc
+++ b/src/node_options.cc
@ -433,6 +433,10 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
            "set default TLS minimum to TLSv1.1 (default: TLSv1.2)",
            &EnvironmentOptions::tls_min_v1_1,
            kAllowedInEnvironment);
+  AddOption("--tls-min-v1.2",
+            "set default TLS minimum to TLSv1.2 (default: TLSv1.2)",
+            &EnvironmentOptions::tls_min_v1_2,
+            kAllowedInEnvironment);
  AddOption("--tls-min-v1.3",
            "set default TLS minimum to TLSv1.3 (default: TLSv1.2)",
            &EnvironmentOptions::tls_min_v1_3,
--- a/src/node_options.h
+++ b/src/node_options.h
@ -134,6 +134,7 @@ class EnvironmentOptions : public Options {

  bool tls_min_v1_0 = false;
  bool tls_min_v1_1 = false;
+  bool tls_min_v1_2 = false;
  bool tls_min_v1_3 = false;
  bool tls_max_v1_2 = false;
  bool tls_max_v1_3 = false;
--- a/test/parallel/test-tls-cli-min-version-1.2.js
+++ b/test/parallel/test-tls-cli-min-version-1.2.js
@ -0,0 +1,15 @@
+// Flags: --tls-min-v1.2
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) common.skip('missing crypto');
+
+// Check that node `--tls-min-v1.2` is supported.
+
+const assert = require('assert');
+const tls = require('tls');
+
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
+assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.2');
+
+// Check the min-max version protocol versions against these CLI settings.
+require('./test-tls-min-max-version.js');