tls.DEFAULT_MIN_VERSION according to docs is v11 feature, but its present in v10.16.0 and is incorrect

[nitinsurana]

• Version: 10.16.0
• Platform: Ubuntu 14.04

According to the docs tls.DEFAULT_MIN_VERSION is available starting v11 and default value is TLSv1.2

Issue :

1. Ubuntu 14.04 with Nodejs v10.16.0 has tls.DEFAULT_MIN_VERSION defined
2. It is returning incorrect value viz TLSv1 instead of TLSv1.2

[nitinsurana]

Possibly, this commit needs to be merged with 10x

[Trott]

Possibly, this commit needs to be merged with 10x

No, that's just a changelog entry.

[Trott]

Seems like #26821 needs to be added to v10.x-staging (so it can go out in the next release).

[sam-github]

It is returning incorrect value viz TLSv1 instead of TLSv1.2

Value is correct, you are reading 12.x docs, the 11.x docs are slightly more relevant to 10.x: https://nodejs.org/docs/latest-v11.x/api/tls.html#tls_tls_default_min_version

[ckarande]

I would like to assist on this issue and starting to exploring it further.
cc: @mcollina

[mcollina]

@ckarande do you need any direction/help? Check out https://github.com/nodejs/node/blob/master/doc/guides/backporting-to-release-lines.md.

[ckarande]

@mcollina Thanks for the link. I am all set to go ahead with it.

[ckarande]

@sam-github @nitinsurana @Trott I am comparing the changes in #26821 with what is applicable to v10.x. Can you please confirm these findings:

1. In protocol versions, remove references of TLSv1.3,as it was not supported in v10
2. Remove references to CLI options such as --tls-min-v1.0, --tls-min-v1.2, --tls-min-v1.3, --tls-max-v1.2 --tls-max-v1.3 as they do not seem to be supported in v10.x.

[sam-github]

looks about right to me.

#27946 is trying to add the CLI switches, but its blocked on a problem with a container build I haven't been able to replicate outside docker, or had the time to replicate inside docker.

[nitinsurana]

@ckarande The findings & the PR both looks good to me 👍
The build is failing because of missing reference to the new constants. Please see my comment on the PR.

[ckarande]

Thanks @nitinsurana . The build was successful with the latest fixes.

@Trott , @sam-github, the fix so far adds missing documentation about tls.DEFAULT_MAX_VERSION and tls.DEFAULT_MIN_VERSION options to the Node v10 docs. Should we also fix v11.x and v12.x docs to indicate that these options were added in v10.6.0 instead of v11.4.0? The corresponding sections in v11.x and v12.x docs also refer to the CLI options, which were not present on v10.6.0. So it may not be completely accurate to just indicate that these features were added in v10.6.0.

[Trott]

Should we also fix v11.x and v12.x docs to indicate that these options were added in v10.6.0 instead of v11.4.0?

No, leave those docs as they are. The features were added in 11.4.0, then backported to the v10 line. So 11.4.0 is correct for versions 11 and later. If we change it to 10.6.0, then someone running 11.3.0 will wonder why it doesn't exist in 11.3.0.

[ckarande]

Makes sense. Thanks for the clarification. In my PR for v10.x docs, I indicated that these options were added in v10.6.0 (diff1 and diff2). Should that be fixed to indicate these were added in 11.4.0? I was not sure if it is normal to specify that a feature was added in a future release.

[sam-github]

https://nodejs.org/docs/latest-v10.x/api/tls.html#tls_tls_default_min_version

docs are present and correct in 10.x line