
@SECLEVEL=X does not enable TLSv1 #60569

@davidebombelli

Affected URL(s)

https://nodejs.org/api/tls.html#setting-security-levels

Description of the problem

After running the below script:

import { createServer, connect } from 'node:tls';
const port = 443;

createServer({ ciphers: 'DEFAULT@SECLEVEL=0', minVersion: 'TLSv1' }, function(socket) {
  console.log('Client connected with protocol:', socket.getProtocol());
  socket.end();
  this.close();
})
.listen(port, () => {
  connect(port, { ciphers: 'DEFAULT@SECLEVEL=0', maxVersion: 'TLSv1' });
});

I get the error:

node:events:486
      throw er; // Unhandled 'error' event
      ^

Error: 80F3C7A933760000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:../deps/openssl/openssl/ssl/statem/statem_lib.c:155:

    at TLSSocket._start (node:internal/tls/wrap:1097:16)
    at Object.onceWrapper (node:events:622:28)
    at TLSSocket.emit (node:events:520:35)
    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1622:10)
Emitted 'error' event on TLSSocket instance at:
    at emitErrorNT (node:internal/streams/destroy:170:8)
    at emitErrorCloseNT (node:internal/streams/destroy:129:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:89:21) {
  library: 'SSL routines',
  reason: 'no protocols available',
  code: 'ERR_SSL_NO_PROTOCOLS_AVAILABLE'
}

It seems like tls.DEFAULT_MIN_VERSION is TLSv1.2. Maybe when setting a lower maxVersion, this property is not automatically lowered.
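The version-range mismatch suggested above can be checked without opening a socket. The following is an added example, not code from the issue or from Node.js: `resolveVersionRange`, `seclevelOf` and `STOCK_DEFAULTS` are hypothetical names, and it assumes the stock `tls.DEFAULT_MIN_VERSION` / `tls.DEFAULT_MAX_VERSION` values and the OpenSSL 3.x rule that TLSv1 and TLSv1.1 are only available at security level 0.

```javascript
// Added example (not Node.js source): work out which protocol versions a
// node:tls options object can actually negotiate, before any socket is opened.
const ORDER = ['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'];

// Assumption: stock tls.DEFAULT_MIN_VERSION / tls.DEFAULT_MAX_VERSION.
// CLI flags such as --tls-min-v1.0 change them; pass other defaults if so.
const STOCK_DEFAULTS = { minVersion: 'TLSv1.2', maxVersion: 'TLSv1.3' };

// Extract N from "...@SECLEVEL=N"; null means the library default level applies.
function seclevelOf(ciphers) {
  const m = /@SECLEVEL=(\d)/.exec(ciphers || '');
  return m ? Number(m[1]) : null;
}

function resolveVersionRange(options = {}, defaults = STOCK_DEFAULTS) {
  const min = options.minVersion ?? defaults.minVersion;
  const max = options.maxVersion ?? defaults.maxVersion;
  for (const v of [min, max]) {
    if (!ORDER.includes(v)) throw new RangeError(`unknown protocol version: ${v}`);
  }
  const lo = ORDER.indexOf(min);
  const hi = ORDER.indexOf(max);
  const range = lo <= hi ? ORDER.slice(lo, hi + 1) : [];
  const level = seclevelOf(options.ciphers);
  // OpenSSL 3.x negotiates TLSv1 and TLSv1.1 only at security level 0.
  const usable = range.filter((v) => ORDER.indexOf(v) >= 2 || level === 0);
  const problems = [];
  if (range.length === 0) {
    problems.push(`minVersion ${min} is above maxVersion ${max}`);
  } else if (usable.length === 0) {
    problems.push(`${range.join(', ')} requires @SECLEVEL=0 in ciphers`);
  }
  return { min, max, usable, problems };
}

// Options copied from the script in the issue.
const issueServer = { ciphers: 'DEFAULT@SECLEVEL=0', minVersion: 'TLSv1' };
const issueClient = { ciphers: 'DEFAULT@SECLEVEL=0', maxVersion: 'TLSv1' };
console.log(resolveVersionRange(issueServer));
console.log(resolveVersionRange(issueClient));
console.log(resolveVersionRange({ ...issueClient, minVersion: 'TLSv1' }));
```

For the issue's client options the check reports an empty range; with `minVersion: 'TLSv1'` added on the client side, TLSv1 is the one usable version.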
