From 81dc378177df7f5d9d4d9a8afc8bbee18fe1b437 Mon Sep 17 00:00:00 2001
From: mkg20001
Date: Mon, 5 Feb 2018 14:31:37 +0100
Subject: [PATCH] feat: TLS ECC fixes #2

---
 src/transport/tls/node.js | 45 +++++++++++---------------------
 test/transport/handshake.spec.js | 2 +-
 2 files changed, 16 insertions(+), 31 deletions(-)

diff --git a/src/transport/tls/node.js b/src/transport/tls/node.js
index 56b5311..7fba981 100644
--- a/src/transport/tls/node.js
+++ b/src/transport/tls/node.js
@@ -74,36 +74,21 @@ module.exports.tls_rsa = (protocol) => {
 })
 }
 
-/* TODO: fix and rewrite
 module.exports.tls_ecc = (protocol) => {
- basicCrypto('ecc', protocol, (opt, host, port, cert, ready, cb) => {
- let stream
- if (opt.isServer) {
- stream = tls.connect({
- host,
- port,
- isServer: true,
- key: cert.privkey,
- cert: cert.cert,
- requestCert: false,
- rejectUnauthorized: false,
- ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES128-SHA256:HIGH:' +
- '!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK',
- honorCipherOrder: true,
- secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2
- })
- } else {
- stream = tls.connect({
- host,
- port,
- isServer: false,
- requestCert: true,
- rejectUnauthorized: false,
- secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2
- }, cb)
- }
- stream.on('secureConnect', () => cb(null, stream))
- ready(null, stream)
+ basicCrypto('ecc', protocol, {
+ server: (cert) => tls.createServer({
+ key: cert.key,
+ cert: cert.cert,
+ ciphers: sslConfig.ciphers,
+ honorCipherOrder: true,
+ secureOptions: sslConfig.minimumTLSVersion
+ }),
+ client: (dest) => tls.connect(Object.assign(dest, {
+ requestCert: true,
+ rejectUnauthorized: false,
+ ciphers: sslConfig.ciphers,
+ honorCipherOrder: true,
+ secureOptions: sslConfig.minimumTLSVersion
+ }))
 })
 }
-*/
diff --git a/test/transport/handshake.spec.js b/test/transport/handshake.spec.js
index 9dd02a0..6b0a288 100644
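Review bot: On the new side the client passes `rejectUnauthorized: false` and the server is created without `requestCert`, so neither endpoint is authenticated by the TLS layer itself; unless basicCrypto (outside this hunk) compares the peer certificate, e.g. via `getPeerCertificate()` after the handshake, with the identity it expects, this is an encrypted but unauthenticated channel, and a comment on the `client:` option naming where that check happens would make the intent auditable. `Object.assign(dest, {...})` mutates the caller's `dest` object; `tls.connect(Object.assign({}, dest, { ... }))` keeps the options local. `requestCert` is a server-side option and has no effect in the `tls.connect` call, so that line is dead configuration. The value bound to `secureOptions` is an OpenSSL `SSL_OP_*` bitmask rather than a protocol version, so if `sslConfig.minimumTLSVersion` (defined outside the hunk) carries the SSL_OP_NO_* mask the removed code used, a name or comment reflecting that would avoid it being read as a minimum version. The removed ECC cipher list put ECDHE-ECDSA suites first; confirm the shared `sslConfig.ciphers` still includes them, otherwise an ECC certificate cannot negotiate any suite.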
--- a/test/transport/handshake.spec.js
+++ b/test/transport/handshake.spec.js
@@ -10,7 +10,7 @@ const {transport} = require('../../src')
 const cryptoData = {
 secio: transport.secio,
 'tls-rsa': transport.tls.tls_rsa,
- // 'tls-ecc': require('../src').tls.tls_ecc,
+ 'tls-ecc': transport.tls.tls_ecc,
 hex: hexcrypt // hex crypto. why not?
 }