Thank you so much! It works. I wish this was in the API docs somewhere (I spent countless hours searching for this!) I would think having TLS 1.0 disabled (with 1.1 and 1.2 enabled) should soon be the default configuration for Node... TLS 1.0 seems reasonably secure (especially compared to SSLv2 and SSLv3), but is not PCI compliant for credit card transactions... And modern browsers support TLS 1.1 and 1.2 pretty well (for quite some time now.)
On Friday, April 15, 2016 at 2:31:21 PM UTC-4, Ben Noordhuis wrote: > > On Wed, Apr 13, 2016 at 3:41 AM, Arthur Blake <[email protected] > <javascript:>> wrote: > > What's the proper way to disable "early TLS" (TLS 1.0) in node? > Apparently > > this is now required for PCI compliance on new websites - see > > > https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf > > > To disable TLS v1.0 but not v1.1 or v1.2, pass `{ secureOptions: > require('constants').SSL_OP_NO_TLSv1 }` to tls.createServer() or > tls.connect(). > -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/0a8cdc4d-7b85-4186-a1ab-de625c004d2f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
