stackoom
  简体   繁体   中英

NodeJS SSL options - strictSSL vs rejectUnauthorized

 原文  2018-03-16 12:12:19       node.js/ ssl

Question

What is the difference between strictSSL=false and rejectUnauthorized=false options in NodeJS?

The names are confusing and I did not find documentation, explaining the difference.

1 answers

solution1
 1 ACCPTED  2018-03-16 13:02:18

I think these two flag options are used in different context and are not exactly comparable. On one hand, you can look at rejectUnauthorized=false flag in node runtime context which does as quoted in this answer :

By setting rejectUnauthorized: false, you're saying "I don't care if I can't verify the server's identity." Obviously, this is not a good solution as it leaves you vulnerable to MITM attacks.

Whereas you can look at strictSSL=false as more build and setup context as this is the flag you pass to npm when installing dependencies from an HTTP source rather than https as mentioned in this post.

HTH.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Self signed cert NodeJS rejectUnauthorized Make client-certificate optional with Node SSL (rejectUnauthorized: true doesn't do it?) Apache and NodeJS over SSL NodeJS + Android SSL Authentication Amazon ELB with SSL and nodejs SSL Certificates Popup in nodejs NodeJS SSL Error Adding SSL Certificate to Nodejs NodeJS add SSL to HTTPserver Nodejs scraping options
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM