diff --git a/src/bun.js/node/node_tls_binding.zig b/src/bun.js/node/node_tls_binding.zig
index edd92cbc27..11ec0eb585 100644
--- a/src/bun.js/node/node_tls_binding.zig
+++ b/src/bun.js/node/node_tls_binding.zig
@@ -3,12 +3,24 @@ const std = @import("std");
 const bun = @import("bun");
 const JSC = bun.JSC;
-pub fn getMinTLSVersion(globalThis: *JSC.JSGlobalObject, callframe: *JSC.CallFrame) bun.JSError!JSC.JSValue {
+pub fn getDefaultMinTLSVersion(globalThis: *JSC.JSGlobalObject, callframe: *JSC.CallFrame) bun.JSError!JSC.JSValue {
+ _ = globalThis; // autofix
 _ = callframe; // autofix
- return JSC.JSValue.toString(globalThis, bun.tls.min_tls_version);
+
+ if (bun.tls.min_tls_version) |version| {
+ return JSC.JSValue.jsNumberFromDouble(version);
+ }
+
+ return JSC.JSValue.jsNull();
 }
-pub fn getMaxTLSVersion(globalThis: *JSC.JSGlobalObject, callframe: *JSC.CallFrame) bun.JSError!JSC.JSValue {
+pub fn getDefaultMaxTLSVersion(globalThis: *JSC.JSGlobalObject, callframe: *JSC.CallFrame) bun.JSError!JSC.JSValue {
+ _ = globalThis; // autofix
 _ = callframe; // autofix
- return JSC.JSValue.toString(globalThis, bun.tls.max_tls_version);
+
+ if (bun.tls.max_tls_version) |version| {
+ return JSC.JSValue.jsNumberFromDouble(version);
+ }
+
+ return JSC.JSValue.jsNull();
 }
diff --git a/src/cli.zig b/src/cli.zig
index f5d7bfc5f0..2262a97857 100644
--- a/src/cli.zig
+++ b/src/cli.zig
@@ -1561,9 +1561,6 @@ pub const Command = struct {
 };
 pub const RuntimeOptions = struct {
- tls_min: ?f32 = null,
- tls_max: ?f32 = null,
-
 smol: bool = false,
 debugger: Debugger = .{ .unspecified = {} },
 if_present: bool = false,
diff --git a/src/js/node/tls.ts b/src/js/node/tls.ts
index 8b4f924cfe..1c2cae437d 100644
--- a/src/js/node/tls.ts
+++ b/src/js/node/tls.ts
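Review bot: `getDefaultMinTLSVersion` and `getDefaultMaxTLSVersion` in node_tls_binding.zig now hand JavaScript a number or null instead of going through `JSC.JSValue.toString`, and nothing at the definition records that contract for the JS caller. A doc comment on each, for example `/// Returns bun.tls.min_tls_version as a JS number (e.g. 1.2), or null when it is unset.`, would state it where the binding is declared. Both parameters are unused after this change, so the paired `_ = globalThis; // autofix` and `_ = callframe; // autofix` discards could be dropped by naming the parameters `_` in the signatures.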
@@ -1,4 +1,6 @@
 // Hardcoded module "node:tls"
+import type { SecureVersion } from "node:tls";
+
 const { isArrayBufferView, isTypedArray } = require("node:util/types");
 const net = require("node:net");
 const { Duplex } = require("node:stream");
@@ -12,17 +14,19 @@ const { Server: NetServer, Socket: NetSocket } = net;
 const { rootCertificates, canonicalizeIP } = $cpp("NodeTLS.cpp", "createNodeTLSBinding");
+type TLSSecureVersionNumber = SecureVersion extends `TLSv${infer N extends number}` ? N : never;
+
 const getMinTLSVersion = $newZigFunction(
 "node_tls_binding.zig",
- "getMinTLSVersion",
+ "getDefaultMinTLSVersion",
 0,
-) as () => import("node:tls").SecureVersion;
+) as () => TLSSecureVersionNumber | null;
 const getMaxTLSVersion = $newZigFunction(
 "node_tls_binding.zig",
- "getMaxTLSVersion",
+ "getDefaultMaxTLSVersion",
 0,
-) as () => import("node:tls").SecureVersion;
+) as () => TLSSecureVersionNumber | null;
 const SymbolReplace = Symbol.replace;
 const RegExpPrototypeSymbolReplace = RegExp.prototype[SymbolReplace];
@@ -667,9 +671,10 @@ function createServer(options, connectionListener) {
 const DEFAULT_ECDH_CURVE = "auto",
 // https://github.com/Jarred-Sumner/uSockets/blob/fafc241e8664243fc0c51d69684d5d02b9805134/src/crypto/openssl.c#L519-L523
 DEFAULT_CIPHERS =
- "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
- DEFAULT_MIN_VERSION = getMinTLSVersion(),
- DEFAULT_MAX_VERSION = getMaxTLSVersion();
+ "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
+
+const DEFAULT_MIN_VERSION: SecureVersion = `TLSv${getMinTLSVersion() ?? "1"}`;
+const DEFAULT_MAX_VERSION: SecureVersion = `TLSv${getMaxTLSVersion() ?? "1.3"}`;
 function normalizeConnectArgs(listArgs) {
 const args = net._normalizeArgs(listArgs);
diff --git a/src/tls.zig b/src/tls.zig
index b5300771f9..b22e9bf92c 100644
--- a/src/tls.zig
+++ b/src/tls.zig
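Review bot: In src/js/node/tls.ts the `as () => TLSSecureVersionNumber | null` assertions on `getMinTLSVersion` and `getMaxTLSVersion` are unchecked, so the type promises more than the binding guarantees. The Zig side returns whatever f64 is stored in `bun.tls.min_tls_version` or `bun.tls.max_tls_version`, and the later hunk interpolates that number straight into a `TLSv…` string. Unless the value is validated where it is written (not visible in this diff), an unexpected number would produce a default that is not a real `SecureVersion`. A small runtime check before the strings are built would close that gap; whether to throw or fall back on a bad value is a project decision, and the sketch below throws.

```typescript
const SUPPORTED_TLS_VERSION_NUMBERS = [1, 1.1, 1.2, 1.3];

function toSecureVersion(version: number | null, fallback: SecureVersion): SecureVersion {
  // null means the native side holds no configured value.
  if (version === null) return fallback;
  if (!SUPPORTED_TLS_VERSION_NUMBERS.includes(version)) {
    throw new RangeError(`Unsupported default TLS version: ${version}`);
  }
  return `TLSv${version}` as SecureVersion;
}
// … unchanged: getMinTLSVersion / getMaxTLSVersion bindings …
```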
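Review bot: The `?? "1"` fallback on the new `DEFAULT_MIN_VERSION` line in src/js/node/tls.ts makes the default floor `TLSv1` whenever the native getter returns null, which is lower than the `TLSv1.2` that Node documents for `tls.DEFAULT_MIN_VERSION`. If this constant feeds the handshake minimum (its uses are outside the hunk), peers could negotiate TLS 1.0 or 1.1, both deprecated by RFC 8996. Unless the lower floor is deliberate, replacing `?? "1"` with `?? "1.2"` keeps parity with Node. If it is deliberate, a comment on that line saying why would spare the next reader the question.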
@@ -1,4 +1,4 @@
 const bun = @import("bun");
-pub var min_tls_version: ?f32 = null;
-pub var max_tls_version: ?f32 = null;
+pub var min_tls_version: ?f64 = null;
+pub var max_tls_version: ?f64 = null;
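Review bot: Keeping the protocol version as an optional float in `min_tls_version` and `max_tls_version` in src/tls.zig lets values that are not TLS versions be stored and leaves every consumer to compare floats. Widening to `?f64` presumably avoids f32 rounding once the value becomes a JS double, but an enum of the supported versions would make invalid states unrepresentable. At minimum, a doc comment such as `/// Default minimum TLS version as major.minor (e.g. 1.2); null means unset.` would state the encoding. Since these are mutable `pub var` globals, that comment could also name which code is expected to set them.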