Implement TLS min/max versions and matching CLI behaviour

.gitignore

@@ -183,4 +183,7 @@ codegen-for-zig-team.tar.gz
 *.sock
 scratch*.{js,ts,tsx,cjs,mjs}
 
-*.bun-build
+*.bun-build
+**/.claude/settings.local.json
+
+/.tmp

.vscode/settings.json

@@ -39,6 +39,7 @@
   "zig.zls.path": "${workspaceFolder}/vendor/zig/zls.exe",
   "zig.formattingProvider": "zls",
   "zig.zls.enableInlayHints": false,
+
   "[zig]": {
     "editor.tabSize": 4,
     "editor.useTabStops": false,

cmake/sources/CxxSources.txt

@@ -408,8 +408,8 @@ src/bun.js/bindings/webcrypto/CryptoAlgorithmSHA1.cpp
 src/bun.js/bindings/webcrypto/CryptoAlgorithmSHA224.cpp
 src/bun.js/bindings/webcrypto/CryptoAlgorithmSHA256.cpp
 src/bun.js/bindings/webcrypto/CryptoAlgorithmSHA384.cpp
-src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519.cpp
 src/bun.js/bindings/webcrypto/CryptoAlgorithmSHA512.cpp
+src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519.cpp
 src/bun.js/bindings/webcrypto/CryptoDigest.cpp
 src/bun.js/bindings/webcrypto/CryptoKey.cpp
 src/bun.js/bindings/webcrypto/CryptoKeyAES.cpp
@@ -443,14 +443,14 @@ src/bun.js/bindings/webcrypto/JSHkdfParams.cpp
 src/bun.js/bindings/webcrypto/JSHmacKeyParams.cpp
 src/bun.js/bindings/webcrypto/JSJsonWebKey.cpp
 src/bun.js/bindings/webcrypto/JSPbkdf2Params.cpp
-src/bun.js/bindings/webcrypto/JSX25519Params.cpp
 src/bun.js/bindings/webcrypto/JSRsaHashedImportParams.cpp
 src/bun.js/bindings/webcrypto/JSRsaHashedKeyGenParams.cpp
 src/bun.js/bindings/webcrypto/JSRsaKeyGenParams.cpp
 src/bun.js/bindings/webcrypto/JSRsaOaepParams.cpp
 src/bun.js/bindings/webcrypto/JSRsaOtherPrimesInfo.cpp
 src/bun.js/bindings/webcrypto/JSRsaPssParams.cpp
 src/bun.js/bindings/webcrypto/JSSubtleCrypto.cpp
+src/bun.js/bindings/webcrypto/JSX25519Params.cpp
 src/bun.js/bindings/webcrypto/OpenSSLUtilities.cpp
 src/bun.js/bindings/webcrypto/PhonyWorkQueue.cpp
 src/bun.js/bindings/webcrypto/SerializedCryptoKeyWrapOpenSSL.cpp

cmake/sources/ZigSources.txt

@@ -164,6 +164,7 @@ src/bun.js/node/node_http_binding.zig
 src/bun.js/node/node_net_binding.zig
 src/bun.js/node/node_os.zig
 src/bun.js/node/node_process.zig
+src/bun.js/node/node_tls_binding.zig
 src/bun.js/node/node_util_binding.zig
 src/bun.js/node/node_zlib_binding.zig
 src/bun.js/node/nodejs_error_code.zig
@@ -581,6 +582,7 @@ src/system_timer.zig
 src/test/fixtures.zig
 src/test/recover.zig
 src/thread_pool.zig
+src/tls.zig
 src/tmp.zig
 src/toml/toml_lexer.zig
 src/toml/toml_parser.zig

packages/bun-types/overrides.d.ts

@@ -2,7 +2,7 @@ export {};
 
 declare global {
   namespace NodeJS {
-    interface ProcessEnv extends Bun.Env, ImportMetaEnv {}
+    interface ProcessEnv extends Bun.Env {}
 
     interface Process {
       readonly version: string;

packages/bun-usockets/src/crypto/openssl.c

@@ -66,6 +66,7 @@ struct loop_ssl_data {
 
 struct us_internal_ssl_socket_context_t {
   struct us_socket_context_t sc;
+  struct us_bun_socket_context_options_t options;
 
   // this thing can be shared with other socket contexts via socket transfer!
   // maybe instead of holding once you hold many, a vector or set
@@ -285,7 +286,6 @@ int us_internal_handle_shutdown(struct us_internal_ssl_socket_t *s, int force_fa
       // we got some error here, but we dont care about it, we are closing the socket
       int err = SSL_get_error(s->ssl, ret);
       if (err == SSL_ERROR_SSL || err == SSL_ERROR_SYSCALL) {
-        // clear
         ERR_clear_error();
         s->fatal_error = 1;
         // Fatal error occurred, we should close the socket imeadiatly
@@ -326,6 +326,41 @@ int us_internal_ssl_socket_is_closed(struct us_internal_ssl_socket_t *s) {
   return us_socket_is_closed(0, &s->s);
 }
 
+/**
+ * Override the protocol error if the secure_protocol_method is set. This is to match Node's
+ * behaviour
+ * Will modify the verify_error struct to override the error code and reason if necessary.
+
+ * Returns 1 if the protocol error was overridden, 0 otherwise
+*/
+static int should_override_protocol_error(const char *proto, int is_server, int openssl_reason, struct us_bun_verify_error_t *verify_error) {
+    if (!proto) return 0;
+    if (is_server) {
+        if (strcmp(proto, "TLSv1_method") == 0 || strcmp(proto, "TLSv1_1_method") == 0) {
+            if (openssl_reason == SSL_R_WRONG_VERSION_NUMBER) {
+                verify_error->code = "ERR_SSL_WRONG_VERSION_NUMBER";
+                verify_error->reason = "Wrong version number on server";
+            } else if (openssl_reason == SSL_R_UNSUPPORTED_PROTOCOL) {
+                verify_error->code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
+                verify_error->reason = "Unsupported protocol on server";
+            }
+
+            verify_error->error = -1;
+            ERR_clear_error();
+            return 1;
+        }
+    } else {
+        if (strcmp(proto, "SSLv23_method") == 0) {
+            verify_error->code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
+            verify_error->reason = "Unsupported protocol";
+            verify_error->error = -1;
+            ERR_clear_error();
+            return 1;
+        }
+    }
+
+    return 0;
+}
 
 void us_internal_trigger_handshake_callback_econnreset(struct us_internal_ssl_socket_t *s) {
   struct us_internal_ssl_socket_context_t *context =
@@ -348,6 +383,72 @@ void us_internal_trigger_handshake_callback(struct us_internal_ssl_socket_t *s,
 
   if (context->on_handshake != NULL) {
     struct us_bun_verify_error_t verify_error = us_internal_verify_error(s);
+
+    if (!success && (verify_error.code == NULL || verify_error.code[0] == 0)) {
+      const char *proto = context->options.secure_protocol_method;
+      unsigned long err = ERR_peek_error();
+      int reason = ERR_GET_REASON(err);
+      if (should_override_protocol_error(proto, SSL_is_server(s->ssl), reason, &verify_error)) {
+        context->on_handshake(s, success, verify_error, context->handshake_data);
+        return;
+      }
+
+      if (context->options.secure_protocol_method) {
+        if (SSL_is_server(s->ssl)) {
+          unsigned long err = ERR_peek_error();
+          int reason = ERR_GET_REASON(err);
+          if ((strcmp(proto, "TLSv1_1_method") == 0 || strcmp(proto, "TLSv1_method") == 0)) {
+            if (reason == SSL_R_WRONG_VERSION_NUMBER) {
+              verify_error.code = "ERR_SSL_WRONG_VERSION_NUMBER";
+              verify_error.reason = "Wrong version number on server";
+              verify_error.error = -1;
+              ERR_clear_error();
+              context->on_handshake(s, success, verify_error, context->handshake_data);
+              return;
+            } else if (reason == SSL_R_UNSUPPORTED_PROTOCOL) {
+              verify_error.code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
+              verify_error.reason = "Unsupported protocol on server";
+              verify_error.error = -1;
+              ERR_clear_error();
+              context->on_handshake(s, success, verify_error, context->handshake_data);
+              return;
+            }
+          }
+        } else {
+          if (strcmp(proto, "SSLv23_method") == 0) {
+            verify_error.code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
+            verify_error.reason = "Unsupported protocol";
+            verify_error.error = -1;
+            ERR_clear_error();
+            context->on_handshake(s, success, verify_error, context->handshake_data);
+            return;
+          }
+        }
+      }
+
+      if (verify_error.error == 0) {
+        verify_error.error = -1;
+
+        unsigned long err = ERR_peek_error();
+        int reason = ERR_GET_REASON(err);
+
+        if (reason == SSL_R_TLSV1_ALERT_PROTOCOL_VERSION) {
+          verify_error.code = "ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION";
+          verify_error.reason = "TLSv1 alert protocol version";
+        } else if (reason == SSL_R_UNSUPPORTED_PROTOCOL) {
+          verify_error.code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
+          verify_error.reason = SSL_is_server(s->ssl) ? "Unsupported protocol on server" : "Unsupported protocol on client";
+        } else if (reason == SSL_R_WRONG_VERSION_NUMBER) {
+          verify_error.code = "ERR_SSL_WRONG_VERSION_NUMBER";
+          verify_error.reason = "Wrong version number on server";
+        } else {
+          verify_error.code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
+          verify_error.reason = "Unsupported protocol";
+        }
+        ERR_clear_error();
+      }
+    }
+
     context->on_handshake(s, success, verify_error, context->handshake_data);
   }
 }
@@ -400,8 +501,7 @@ void us_internal_update_handshake(struct us_internal_ssl_socket_t *s) {
 
   if (us_internal_ssl_socket_is_closed(s) || us_internal_ssl_socket_is_shut_down(s) ||
      (s->ssl && SSL_get_shutdown(s->ssl) & SSL_RECEIVED_SHUTDOWN)) {
-
-    us_internal_trigger_handshake_callback(s, 0);
+    us_internal_trigger_handshake_callback_econnreset(s); 
     return;
   }
 
@@ -507,6 +607,7 @@ struct us_internal_ssl_socket_t *ssl_on_data(struct us_internal_ssl_socket_t *s,
 
     if (just_read <= 0) {
       int err = SSL_get_error(s->ssl, just_read);
+
       // as far as I know these are the only errors we want to handle
       if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE) {
         if (err == SSL_ERROR_WANT_RENEGOTIATE) {
@@ -540,12 +641,11 @@ struct us_internal_ssl_socket_t *ssl_on_data(struct us_internal_ssl_socket_t *s,
         }
 
         if (err == SSL_ERROR_SSL || err == SSL_ERROR_SYSCALL) {
-          // clear per thread error queue if it may contain something
-          ERR_clear_error();
           s->fatal_error = 1;
+          us_internal_trigger_handshake_callback(s, 0);
         }
 
-        // terminate connection here
+        // Terminate connection after reporting the handshake error
         us_internal_ssl_socket_close(s, 0, NULL);
         return NULL; // stop processing data
       } else {
@@ -1140,14 +1240,31 @@ SSL_CTX *create_ssl_context_from_bun_options(
   /* Create the context */
   SSL_CTX *ssl_context = SSL_CTX_new(TLS_method());
 
+
   /* Default options we rely on - changing these will break our logic */
   SSL_CTX_set_read_ahead(ssl_context, 1);
   /* we should always accept moving write buffer so we can retry writes with a
    * buffer allocated in a different address */
   SSL_CTX_set_mode(ssl_context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+  if (options.min_tls_version > 0) {
+    if (!SSL_CTX_set_min_proto_version(ssl_context, options.min_tls_version)) {
+      free_ssl_context(ssl_context);
+      return NULL; 
+    }
+  } else {
+
+    if (!SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION)) {
+      free_ssl_context(ssl_context);
+      return NULL;
+    }
+  }
 
-  /* Anything below TLS 1.2 is disabled */
-  SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);
+  if (options.max_tls_version > 0) {
+    if (!SSL_CTX_set_max_proto_version(ssl_context, options.max_tls_version)) {
+      free_ssl_context(ssl_context);
+      return NULL;
+    }
+  }
 
   /* The following are helpers. You may easily implement whatever you want by
    * using the native handle directly */
@@ -1545,6 +1662,7 @@ us_internal_bun_create_ssl_socket_context(
   context->ssl_context =
       ssl_context; // create_ssl_context_from_options(options);
   context->is_parent = 1;
+  context->options = options;
 
   context->on_handshake = NULL;
   context->handshake_data = NULL;

packages/bun-usockets/src/libusockets.h

@@ -237,6 +237,9 @@ struct us_bun_socket_context_options_t {
     int request_cert;
     unsigned int client_renegotiation_limit;
     unsigned int client_renegotiation_window;
+    unsigned int min_tls_version;
+    unsigned int max_tls_version;
+    const char *secure_protocol_method;
 };
 
 /* Return 15-bit timestamp for this context */

packages/bun-uws/src/App.h

@@ -78,6 +78,9 @@ namespace uWS {
         int request_cert = 0;
         unsigned int client_renegotiation_limit = 3;
         unsigned int client_renegotiation_window = 600;
+        unsigned int min_tls_version = 0;
+        unsigned int max_tls_version = 0;
+        const char **secure_protocol_method = nullptr;
 
         /* Conversion operator used internally */
         operator struct us_bun_socket_context_options_t() const {

src/bun.js/api/bun/socket.zig

@@ -715,6 +715,12 @@ pub const Listener = struct {
             return globalObject.throwValue(err);
         };
 
+        if (ssl_enabled and create_err != .none) {
+            const js_err = create_err.toJS(globalObject);
+            uws.us_socket_context_free(1, socket_context);
+            return globalObject.throwValue(js_err);
+        }
+
         if (ssl_enabled) {
             if (ssl.?.protos) |p| {
                 protos = p[0..ssl.?.protos_len];
@@ -1217,6 +1223,12 @@ pub const Listener = struct {
             return globalObject.throwValue(err.toErrorInstance(globalObject));
         };
 
+        if (ssl_enabled and create_err != .none) {
+            const js_err = create_err.toJS(globalObject);
+            uws.us_socket_context_free(1, socket_context);
+            return globalObject.throwValue(js_err);
+        }
+
         if (ssl_enabled) {
             if (ssl.?.protos) |p| {
                 protos = p[0..ssl.?.protos_len];

src/bun.js/api/bun/ssl_wrapper.zig

@@ -282,6 +282,7 @@ pub fn SSLWrapper(comptime T: type) type {
             if (this.flags.closed_notified) return;
 
             this.flags.authorized = success;
+
             // trigger the handshake callback
             this.handlers.onHandshake(this.handlers.ctx, success, result);
         }
@@ -311,8 +312,25 @@ pub fn SSLWrapper(comptime T: type) type {
             if (this.isShutdown()) {
                 return .{};
             }
+
             const ssl = this.ssl orelse return .{};
-            return uws.us_ssl_socket_verify_error_from_ssl(ssl);
+
+            const peek_err = BoringSSL.ERR_peek_error();
+            var verr = uws.us_ssl_socket_verify_error_from_ssl(ssl);
+
+            // no certificate verification = handshake error
+            if (verr.code == null and peek_err != 0) {
+                const reason_ptr = BoringSSL.ERR_reason_error_string(peek_err);
+
+                verr = uws.us_bun_verify_error_t{
+                    .error_no = @intCast(peek_err),
+                    .code = reason_ptr,
+                    .reason = reason_ptr,
+                };
+                BoringSSL.ERR_clear_error();
+            }
+
+            return verr;
         }
 
         /// Update the handshake state