Modifying the default TLS cipher suite

Node.js is built with a default suite of enabled and disabled TLS ciphers. This default cipher list can be configured when building Node.js to allow distributions to provide their own default list.

The following command can be used to show the default cipher suite:

node -p crypto.constants.defaultCoreCipherList | tr ':' '\n'
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA256
HIGH
!aNULL
!eNULL
!EXPORT
!DES
!RC4
!MD5
!PSK
!SRP
!CAMELLIA 

This default can be replaced entirely using the --tls-cipher-list command-line switch (directly, or via the NODE_OPTIONS environment variable). For instance, the following makes ECDHE-RSA-AES128-GCM-SHA256:!RC4 the default TLS cipher suite:

node --tls-cipher-list='ECDHE-RSA-AES128-GCM-SHA256:!RC4' server.js

export NODE_OPTIONS=--tls-cipher-list='ECDHE-RSA-AES128-GCM-SHA256:!RC4'
node server.js 

To verify, use the following command to show the cipher list that was set; note the difference between defaultCoreCipherList and defaultCipherList:

node --tls-cipher-list='ECDHE-RSA-AES128-GCM-SHA256:!RC4' -p crypto.constants.defaultCipherList | tr ':' '\n'
ECDHE-RSA-AES128-GCM-SHA256
!RC4 

That is, the defaultCoreCipherList list is set at compilation time and the defaultCipherList is set at runtime.

To modify the default cipher suites from within the runtime, modify the tls.DEFAULT_CIPHERS variable. This must be done before listening on any sockets; it does not affect sockets already opened. For example:

const tls = require('node:tls');

// Remove Obsolete CBC Ciphers and RSA Key Exchange based Ciphers as they don't provide Forward Secrecy
tls.DEFAULT_CIPHERS +=
  ':!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES256-SHA384' +
  ':!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES128-SHA256:!ECDHE-ECDSA-AES256-SHA:!ECDHE-ECDSA-AES256-SHA384' +
  ':!kRSA';

The default can also be replaced on a per-client or per-server basis using the ciphers option of tls.createSecureContext(), which is also available in tls.createServer(), tls.connect(), and when creating new tls.TLSSockets.

The ciphers list can contain a mixture of TLSv1.3 cipher suite names (the ones that start with 'TLS_') and specifications for TLSv1.2 and below cipher suites. The TLSv1.2 ciphers support a legacy specification format (consult the OpenSSL cipher list format documentation for details), but those specifications do not apply to TLSv1.3 ciphers. The TLSv1.3 suites can only be enabled by including their full name in the cipher list. They cannot, for example, be enabled or disabled by using the legacy TLSv1.2 'EECDH' or '!EECDH' specification.

Regardless of the relative order of TLSv1.3 and TLSv1.2 cipher suites in the list, the TLSv1.3 protocol is significantly more secure than TLSv1.2, and will always be chosen over TLSv1.2 if the handshake indicates it is supported and if any TLSv1.3 cipher suites are enabled.

The default cipher suite included within Node.js has been carefully selected to reflect current security best practices and risk mitigation. Changing the default cipher suite can have a significant impact on the security of an application. The --tls-cipher-list switch and ciphers option should be used only if absolutely necessary.

The default cipher suite prefers GCM ciphers for Chrome's 'modern cryptography' setting and also prefers ECDHE and DHE ciphers for perfect forward secrecy, while offering some backward compatibility.

Old clients that rely on insecure and deprecated RC4 or DES-based ciphers (like Internet Explorer 6) cannot complete the handshaking process with the default configuration. If these clients must be supported, the TLS recommendations may offer a compatible cipher suite. For more details on the format, see the OpenSSL cipher list format documentation.

There are only five TLSv1.3 cipher suites:

  • 'TLS_AES_256_GCM_SHA384'
  • 'TLS_CHACHA20_POLY1305_SHA256'
  • 'TLS_AES_128_GCM_SHA256'
  • 'TLS_AES_128_CCM_SHA256'
  • 'TLS_AES_128_CCM_8_SHA256'

The first three are enabled by default. The two CCM-based suites are supported by TLSv1.3 because they may be more performant on constrained systems, but they are not enabled by default since they offer less security.