I want to disable the TLS v1.0 and use TLS 1.1 and above only.
By nodejs, I use the https module, how to set the https options?
I have read the api doc node api tls, but I still don't know how to set this.
I think it depends on the secureProtocol and cipher, but I just don't know how to set the value.
My node version is 0.10.36, and openssl version is 0.9.8j.
TLS 1.0 should no longer be used. This works to disable TLS 1.0 in node.js:
https.createServer({ secureOptions: require('constants').SSL_OP_NO_TLSv1, pfx: fs.readFileSync(path.resolve(pathToCert)) }, app).listen(443); You can verify this using this tool: ssllabs
The use of the constants module is undocumented. A better way to disable TLS v1.0 would be to use constants from the crypto module instead. See the documentation on the Node.js website for reference.
The solution then becomes the following:
const { constants } = require('crypto') https.createServer({ secureOptions: constants.SSL_OP_NO_TLSv1, pfx: fs.readFileSync(path.resolve(pathToCert)) }, app).listen(443) This will be helpful if any one is using MEANjs
use
secureProtocol: 'TLSv1_2_server_method', instead of
secureProtocol: 'TLSv1_method', file location config/lib/socket.io.js
Works without issue.