-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls.connect() options ciphers no longer accept null as a valid value in node v15.3.0 #36292
Comments
cc @spalger for the https://github.com/elastic/elasticsearch-js-legacy/ part ^^ |
I did a bisect and the commit that introduced this issue is 35274cb. |
Yep, already planning on working on it on Monday. |
It's a one-line fix so I hope I'm not ruining your Monday plans/strategy.: #36318 |
I think the same fix is needed for |
Reopening based on #36292 (comment). /ping @jasnell |
Allow null along with undefined for cipher value. Fixes: #36292 PR-URL: #36318 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Allow null along with undefined for cipher value. Fixes: nodejs#36292 PR-URL: nodejs#36318 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Can we look into this. This is the only thing left before I can switch to latest LTS due to The APNS library https://github.com/parse-community/node-apn expect http2.connect(`https://api.push.apple.com/`, { cert, key, pfx: null }) The node/lib/internal/tls/secure-context.js Line 264 in ecf4114
|
@nodejs/crypto @nodejs/http2 Can anyone comment? |
I think I can submit PR if null is acceptable. v14 and latest doc doesn't mentioned specifically either undefined or null. |
Where does it do this? I could not find a reference to I see no problem in allowing |
Allow null along with undefined for pfx value. This is to avoid breaking change when upgrading v14 to v16 and 3rd party library passing null to pfx Fixes: nodejs#36292
https://github.com/parse-community/node-apn/blob/master/doc/provider.markdown How about I'm not sure of those options, but the pattern is very similar. Let me know if I can include those options in the PR. |
I would just include them all, thanks. |
In case anyone got here looking for a workaround, but for some reason you don't have the luxury of being able to set |
Allow null along with undefined for pfx value. This is to avoid breaking change when upgrading v14 to v16 and 3rd party library passing null to pfx Fixes: nodejs#36292
Allow the expected null along with undefined for options value. This is to avoid breaking change when upgrading v14 to v16 and 3rd party library passing null to options Fixes: nodejs#36292
Thanks @fholzer , you saved the day. |
Allow null along with undefined for pfx value. This is to avoid breaking change when upgrading v14 to v16 and 3rd party library passing null to pfx Fixes: nodejs#36292 PR-URL: nodejs#41170 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
To anyone still finding this when using the elasticsearch client... Your options:
|
node v15.3.0
Reproduced on Linux 5.9.0-3-amd64 #1 SMP Debian 5.9.9-1 (2020-11-19) x86_64 GNU/Linux - but probably applicable on all platform
tls.connect() options
What steps will reproduce the bug?
Before version 15.3.0 tls.connect (also accepted by https.request() ) option value null was accepted as falsy value for the cipthers option.
As of version 15.3.0, passing option.ciphers = null throw an error.
case.js (tweaked from https://nodejs.org/api/https.html#https_https_request_options_callback )
You get a connection that end up with 200 OK using this v15.2.1 dockerfile
but it will throw an error with a v15.3.0 dockerfile
How often does it reproduce? Is there a required condition?
throw an error 100% of the time on v15.3.0 with options.ciphers = null
What is the expected behavior?
I have no doubt it is a changing behavior, but i don't know what was the expected behavior of an undocumented cipher option value in the first place either. i just know that it used to work.
What do you see instead?
behavior changed, it now throw an error :
Additional information
The point of this report is to warn about this non-obvious breaking behavior change and not to say it's not acceptable/legit api change.
ps: Thanks to @jasnell for encouraging me to write an issue 👍
The text was updated successfully, but these errors were encountered: