How to enable DHE in NodeJS?
Either I'm doing something wrong, or ...
I'm trying to get DHE / EDH cipher suites working in Node.js (0.11.13).
var spdy = require('spdy'),
http = require('http'),
fs = require('fs'),
constants = require('constants');
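// Shared TLS/spdy server options. Connection-specific material (key/cert)
// is merged in by `extend` at the call site.
var options = {
  // presumably a node-spdy (not tls) option: per-stream flow-control window in bytes — confirm against spdy docs
  windowSize: 1024 * 1024,
  // OpenSSL cipher string, most-preferred first; the server's order wins
  // because honorCipherOrder is set below. The EDH/DH entries are only
  // negotiable once DH group parameters are supplied (`dhparam` below) —
  // without them OpenSSL has nothing to offer and quietly skips every DH suite.
  ciphers: [
    "ECDH+aRSA+AESGCM",
    "ECDH+aRSA+AES",
    "EDH+aRSA+AESGCM",
    "EDH+aRSA+AES",
    "DH+aRSA+AESGCM",
    "DH+aRSA+AES",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA384",
    "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES256-SHA",
    "ECDHE-RSA-AES128-SHA",
    // 3DES: legacy-client fallback only.
    "EDH-RSA-DES-CBC3-SHA",
    "DHE-RSA-AES256-SHA",
    // The last three use Kx=RSA, i.e. no forward secrecy; keep them only
    // while clients that cannot do (EC)DHE still matter, then prune.
    "AES256-SHA256",
    "AES256-SHA",
    "DES-CBC3-SHA"
  ].join(':'),
  // NOTE(review): `SSLProtocol` is not a documented tls.createServer option
  // (Node's name is `secureProtocol`); this key is presumably ignored — confirm.
  SSLProtocol: 'all',
  // Refuse SSLv2/SSLv3 and generate a fresh DH / ECDH private key for every
  // handshake, so a leaked ephemeral key cannot unlock other sessions.
  secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_SINGLE_DH_USE | constants.SSL_OP_SINGLE_ECDH_USE,
  // Use the server's cipher preference, not the client's.
  honorCipherOrder: true,
  // DH group parameters (PEM). This is what actually enables the DHE suites:
  // tls.createServer only offers DH key exchange when `dhparam` is given.
  // The file name is a placeholder; create the file with
  // `openssl dhparam -out dhparam.pem 2048` and point this path at it.
  dhparam: fs.readFileSync(__dirname + '/dhparam.pem'),
  ca: fs.readFileSync(__dirname + '/ca.cer'),
  /**
   * Copy every own option from this object onto `a` (except `extend`
   * itself) without overriding keys the caller already set.
   * Mutates and returns `a`.
   *
   * Only `undefined` counts as "not set": the previous `!a[t]` test would
   * have silently replaced an explicit `false`, `0` or `''`, and `for...in`
   * would also have copied inherited enumerable properties.
   *
   * @param {Object} a - caller-specific options (key, cert, ...)
   * @returns {Object} `a`, now carrying the shared defaults
   */
  extend: function (a) {
    var defaults = this;
    Object.keys(defaults).forEach(function (key) {
      if (key !== 'extend' && a[key] === undefined) {
        a[key] = defaults[key];
      }
    });
    return a;
  }
};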
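// `with` is deprecated, a SyntaxError under strict mode / ES modules, and hid
// which object `listen` was resolved on; hold the server in a variable instead.
var server = spdy.createServer(options.extend({
  key: fs.readFileSync(__dirname + '/phoenix.key'),
  cert: fs.readFileSync(__dirname + '/phoenix.cer'),
}), require('./phoenix/app.js'));
// Bind only on the internal interface (the literal address was redacted on the page).
server.listen(443, '<Amazon aws internal IP was here>');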
[email protected]:~$ openssl ciphers -v "ECDH+aRSA+AESGCM:ECDH+aRSA+AES:EDH+aRSA+AESGCM:EDH+aRSA+AES:DH+aRSA+AESGCM:DH+aRSA+AES:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA:AES256-SHA256:AES256-SHA:DES-CBC3-SHA"
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
For DHE cipher suites to be negotiated, you need to pass `dhparam` (the DH group parameters) in the server options: https://iojs.org/api/tls.html#tls_tls_createserver...