[tls] Error ERR_TLS_INVALID_PROTOCOL_METHOD for TLSv1_3_method

[styfle]

• Version: 12.13.0
• Platform: Linux 8df3513b3f7c 4.9.184-linuxkit #1 SMP Tue Jul 2 22:58:16 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
• Subsystem: tls

Details

It looks like @sam-github implemented TLS 1.3 in PR #26209 (very nice 🎉) but it appears that the TLSv1_3_method secureProtocol was not included.

Steps to reproduce

const { createSecureContext, connect } = require('tls');
const secureProtocol = 'TLSv1_3_method';
const opt = {
  host: 'google.com',
  port: 443,
  secureContext: createSecureContext({ secureProtocol })
};
const socket = connect(opt, () => {
  if (!socket.authorized) {
    console.error(socket.authorizationError);
    return;
  }
  const cipher = socket.getCipher();
  cipher.tlsProtocol = socket.getProtocol();
  socket.end();
  console.log(cipher);
});

socket.on('error', e => console.error(e));

You can see that changing secureProtocol = 'TLSv1_2_method' works correctly.

I came across this issue when adding TLS 1.3 support to tls-check.

[richardlau]

It looks like OpenSSL does not publicly export any TLSv1_3_*method() functions: openssl/openssl#3800

Presumably no TLSv1_3_*methods() functions were added as TLSv1_2_method and similar are marked deprecated https://www.openssl.org/docs/man1.1.1/man3/TLSv1_2_method.html

[sam-github]

Look at minVersion and maxVersion.

[styfle]

@richardlau Thanks, I assumed it was available since I saw TLSv1_3_method in methods.c and ssl_locl.h but I see now there is no export.

@sam-github Thanks, this is what I was looking for 😄. I see minVersion and maxVersion in the docs since Node 11.4.0 👍