Nationwide Polamorous Matrimony

    minimum-tls-version

    0.0.3 • Public • Published

    Minimum TLS version

    Allows you to easily specify a mimimum TLS/SSL version for node.js and io.js secureProtocol option.

    All TLS/SSL versions older than the minimum will be disabled. The full list of TLS/SSL versions is below.

    Usage

    Just load the module:

    var minimumTLSVersion = require('minimum-tls-version');
    

    Then specify the minimum TLS version. For example:

    minimumTLSVersion('tlsv11')
    

    ...would disable all TLS/SSL versions older than tlsv11 (eg, tlsv1, sslv3 and sslv2 are now disabled):

    Whereas:

    minimumTLSVersion('sslv3')
    

    ...would disable all TLS/SSL versions older than sslv3 (eg, sslv2 is disabled):

    You'd normally use these values with https.createServers secureOptions option, eg, in plain node:

    https.createServer({
    	key: privateKey,
    	cert: certificate,
    	ca: certificateAuthority,
    	secureOptions: minimumTLSVersion('tlsv11')
    });
    

    Or for express.js

    var server = https.createServer({
    	key: privateKey,
    	cert: certificate,
    	ca: certificateAuthority,
    	secureOptions: minimumTLSVersion('tlsv11')
    }, app);
    

    Quick recap of TLS/SSL versions

    tlsv12 (when using OpenSSL 1.0.1 and later)

    Defined in RFC 5246

    tlsv11 (when using OpenSSL 1.0.1 and later)

    Defined in RFC 4346.

    tlsv1

    The Transport Layer Security (TLS) protocol, version 1.0, defined in RFC 2246.

    sslv3

    The Secure Sockets Layer (SSL) protocol, version 3.0, from the Netscape Corporation.

    sslv2

    The Secure Sockets Layer (SSL) protocol, version 2.0. It is the original SSL protocol as designed by Netscape Corporation. Though its use has been deprecated, because of weaknesses in the security of the protocol.

    Install

    npm i minimum-tls-version

    DownloadsWeekly Downloads

    232

    Version

    0.0.3

    License

    MIT

    Last publish

    Collaborators

    • mikemaccana