How to disable tls 1.0 and only use tls 1.1 using nodejs

Question

How to disable tls 1.0 and only use tls 1.1 using nodejs

I want to disable TLS v1.0 and only use TLS 1.1 and above.

In nodejs I am using a module https

, how do I set https options?

I have read api doc node api tls , but I still don't know how to install this.

I think it depends on secureProtocol

and cipher

, but I just don't know how to set the value.

My node version is 0.10.36 and openssl version is 0.9.8j.

+3

node.js ssl

shangyin 03 jul. 15 at 7:27

source to share

3 answers

user896993 · Answer 1 · 2016-07-29T11:45:10+0000

TLS 1.0 should no longer be used. This works to disable TLS 1.0 in node.js:

https.createServer({
    secureOptions: require('constants').SSL_OP_NO_TLSv1,
    pfx: fs.readFileSync(path.resolve(pathToCert))
}, app).listen(443);

You can check it with this tool: ssllabs

marcoc88 · Answer 2 · 2018-02-16T23:42:13+0000

The use of the constant module is undocumented. The best way to disable TLS v1.0 would be to use constants from the crypto module. See the documentation on the Node.js website for reference.

The solution then becomes this:

const { constants } = require('crypto')
https.createServer({
    secureOptions: constants.SSL_OP_NO_TLSv1,
    pfx: fs.readFileSync(path.resolve(pathToCert))
}, app).listen(443)

Prem sanil · Answer 3 · 2018-03-13T07:28:22+0000

It will be helpful if someone is using MEANjs

using

secureProtocol: 'TLSv1_2_server_method',

instead

secureProtocol: 'TLSv1_method',

config / lib / socket.io.js file location

Works without problems.

How to disable tls 1.0 and only use tls 1.1 using nodejs

More articles: