Skip to content

Commit

Permalink
tls: add tlsSocket.disableRenegotiation()
Browse files Browse the repository at this point in the history
Allows TLS renegotiation to be disabled per `TLSSocket` instance.
Per HTTP/2, TLS renegotiation is forbidden after the initial
connection prefix is exchanged.

Backport-PR-URL: #14813
Backport-Reviewed-By: Anna Henningsen <[email protected]>
Backport-Reviewed-By: Timothy Gu <[email protected]>

PR-URL: #14239
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
  • Loading branch information
jasnell authored and addaleax committed Aug 14, 2017
1 parent e0001dc commit e84c9d7
Show file tree
Hide file tree
Showing 3 changed files with 85 additions and 0 deletions.
8 changes: 8 additions & 0 deletions doc/api/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -552,6 +552,14 @@ added: v0.11.4
Returns `true` if the peer certificate was signed by one of the CAs specified
when creating the `tls.TLSSocket` instance, otherwise `false`.

### tlsSocket.disableRenegotiation()
<!-- YAML
added: REPLACEME
-->

Disables TLS renegotiation for this `TLSSocket` instance. Once called, attempts
to renegotiate will trigger an `'error'` event on the `TLSSocket`.

### tlsSocket.encrypted
<!-- YAML
added: v0.11.4
Expand Down
10 changes: 10 additions & 0 deletions lib/_tls_wrap.js
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ const Timer = process.binding('timer_wrap').Timer;
const tls_wrap = process.binding('tls_wrap');
const TCP = process.binding('tcp_wrap').TCP;
const Pipe = process.binding('pipe_wrap').Pipe;
const kDisableRenegotiation = Symbol('disable-renegotiation');

function onhandshakestart() {
debug('onhandshakestart');
Expand Down Expand Up @@ -63,6 +64,11 @@ function onhandshakestart() {
self._emitTLSError(err);
});
}

if (this[kDisableRenegotiation] && ssl.handshakes > 0) {
const err = new Error('TLS session renegotiation disabled for this socket');
self._emitTLSError(err);
}
}


Expand Down Expand Up @@ -357,6 +363,10 @@ tls_wrap.TLSWrap.prototype.close = function close(cb) {
return this._parent.close(done);
};

TLSSocket.prototype.disableRenegotiation = function disableRenegotiation() {
this[kDisableRenegotiation] = true;
};

TLSSocket.prototype._wrapHandle = function(wrap) {
var res;
var handle;
Expand Down
67 changes: 67 additions & 0 deletions test/parallel/test-tls-disable-renegotiation.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
'use strict';
const common = require('../common');
const assert = require('assert');
const fs = require('fs');

// Tests that calling disableRenegotiation on a TLSSocket stops renegotiation.

if (!common.hasCrypto) {
common.skip('missing crypto');
return;
}
const tls = require('tls');

const options = {
key: fs.readFileSync(`${common.fixturesDir}/keys/agent1-key.pem`),
cert: fs.readFileSync(`${common.fixturesDir}/keys/agent1-cert.pem`)
};

const server = tls.Server(options, common.mustCall((socket) => {
socket.on('error', common.mustCall((err) => {
assert.strictEqual(
err.message,
'TLS session renegotiation disabled for this socket');
socket.destroy();
server.close();
}));
// Disable renegotiation after the first chunk of data received.
// Demonstrates that renegotiation works successfully up until
// disableRenegotiation is called.
socket.on('data', common.mustCall((chunk) => {
socket.write(chunk);
socket.disableRenegotiation();
}));
socket.on('secure', common.mustCall(() => {
assert(socket._handle.handshakes < 2,
`Too many handshakes [${socket._handle.handshakes}]`);
}));
}));


server.listen(0, common.mustCall(() => {
const port = server.address().port;
const client =
tls.connect({rejectUnauthorized: false, port: port}, common.mustCall(() => {
client.write('');
// Negotiation is still permitted for this first
// attempt. This should succeed.
client.renegotiate(
{rejectUnauthorized: false},
common.mustCall(() => {
// Once renegotiation completes, we write some
// data to the socket, which triggers the on
// data event on the server. After that data
// is received, disableRenegotiation is called.
client.write('data', common.mustCall(() => {
client.write('');
// This second renegotiation attempt should fail
// and the callback should never be invoked. The
// server will simply drop the connection after
// emitting the error.
client.renegotiate(
{rejectUnauthorized: false},
common.mustNotCall());
}));
}));
}));
}));

0 comments on commit e84c9d7

Please sign in to comment.