I want to disable the TLS v1.0 and use TLS 1.1 and above only.
By nodejs, I use the https
module, how to set the https options?
I have read the api doc node api tls, but I still don't know how to set this.
I think it depends on the secureProtocol
and cipher
, but I just don't know how to set the value.
My node version is 0.10.36, and openssl version is 0.9.8j.
TLS 1.0/1.1 will not be disabled by default for Internet Explorer and EdgeHTML (the rendering engine for the WebView control) until 2022. Organizations that wish to disable TLS 1.0 and TLS 1.1 before that time may do so using Group Policy.
Marco's solution worked for me, but as TLS 1.1 is also considered a vulnerability, it is better to disable both and go with TLS 1.2
const { constants } = require('crypto')
https.createServer({
secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1
pfx: fs.readFileSync(path.resolve(pathToCert))
}, app).listen(443)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With