How to disable tls 1.0 and only use tls 1.1 using nodejs
I want to disable TLS v1.0 and only use TLS 1.1 and above.
In nodejs I am using a module https
, how do I set https options?
I have read api doc node api tls , but I still don't know how to install this.
I think it depends on secureProtocol
and cipher
, but I just don't know how to set the value.
My node version is 0.10.36 and openssl version is 0.9.8j.
+3
source to share
3 answers
The use of the constant module is undocumented. The best way to disable TLS v1.0 would be to use constants from the crypto module. See the documentation on the Node.js website for reference.
The solution then becomes this:
const { constants } = require('crypto')
https.createServer({
secureOptions: constants.SSL_OP_NO_TLSv1,
pfx: fs.readFileSync(path.resolve(pathToCert))
}, app).listen(443)
0
source to share