mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

feat: add disabledCipherSuites option to setSSLConfig (#25818)

Browse source
This commit is contained in:
Jeremy Rose 2020-10-21 11:03:59 -07:00 committed by GitHub
parent f6a27973d1
commit 22cb3cd18b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 85 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

13
docs/api/session.md
View file

@ -574,11 +574,20 @@ Returns `String` - The user agent for this session.
#### `ses.setSSLConfig(config)`
* `config` Object
* `minVersion` String - Can be `tls1`, `tls1.1`, `tls1.2` or `tls1.3`. The
* `minVersion` String (optional) - Can be `tls1`, `tls1.1`, `tls1.2` or `tls1.3`. The
minimum SSL version to allow when connecting to remote servers. Defaults to
`tls1`.
* `maxVersion` String - Can be `tls1.2` or `tls1.3`. The maximum SSL version
* `maxVersion` String (optional) - Can be `tls1.2` or `tls1.3`. The maximum SSL version
to allow when connecting to remote servers. Defaults to `tls1.3`.
* `disabledCipherSuites` Integer[] (optional) - List of cipher suites which
should be explicitly prevented from being used in addition to those
disabled by the net built-in policy.
Supported literal forms: 0xAABB, where AA is `cipher_suite[0]` and BB is
`cipher_suite[1]`, as defined in RFC 2246, Section 7.4.1.2. Unrecognized but
parsable cipher suites in this form will not return an error.
Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
Note that TLSv1.3 ciphers cannot be disabled using this mechanism.
Sets the SSL configuration for the session. All subsequent network requests
will use the new configuration. Existing network connections (such as WebSocket