tls: set ecdhCurve default to 'auto' (!16853) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/Hativ/master into master Nov 07, 2017

For best out-of-the-box compatibility there should not be one default ecdhCurve for the tls client, OpenSSL should choose them automatically.

I've had a lot of struggle connecting to a server that did not support the default curve. Many third party modules have no support for setting ecdhCurve, therefore I think the tls client should support as much curves as possible by default. Using 'auto' would achieve this.

Refs: https://github.com/nodejs/node/issues/16196 Refs: https://github.com/nodejs/node/issues/1495 Refs: https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3) Refs: https://github.com/nodejs/node/pull/15206

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

Affected core subsystem(s)

tls

Admin message

Admin message

tls: set ecdhCurve default to 'auto'

Checklist

Affected core subsystem(s)

Merge request reports