From cddf358f682349dea22e78ce8df5afe26cd5cd1c Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Mon, 2 Nov 2015 13:06:26 +0100
Subject: [PATCH 1/2] test: add regression test for 512 bits DH key

Check that trying to use a < 1024 bits DH key throws an exception.

parallel/test-tls-dhe tests this as well but it feels incongruous not to
do it here when both tests have similar logic for 1024/2048 bits keys.

PR-URL: https://github.com/nodejs/node/pull/3629
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
---
 test/parallel/test-tls-client-mindhsize.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/test/parallel/test-tls-client-mindhsize.js b/test/parallel/test-tls-client-mindhsize.js
index fde3de512cdc26..a497fdd9f2de62 100644
--- a/test/parallel/test-tls-client-mindhsize.js
+++ b/test/parallel/test-tls-client-mindhsize.js
@@ -75,6 +75,9 @@ function testDHE2048() {
 
 testDHE1024();
 
+assert.throws(() => test(512, true, assert.fail),
+              /DH parameter is less than 1024 bits/);
+
 process.on('exit', function() {
   assert.equal(nsuccess, 1);
   assert.equal(nerror, 1);

From 82022a79b035c25f8a41df1f2a20793d356c1511 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Mon, 2 Nov 2015 13:14:14 +0100
Subject: [PATCH 2/2] test: more regression tests for minDHSize option

Check that tls.connect() fails in the expected way when passing in
invalid minDHSize options.

PR-URL: https://github.com/nodejs/node/pull/3629
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
---
 lib/_tls_wrap.js                           | 2 +-
 test/parallel/test-tls-client-mindhsize.js | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index d918656a360c7a..887db012e78402 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -974,7 +974,7 @@ exports.connect = function(/* [port, host], options, cb */) {
   assert(typeof options.minDHSize === 'number',
          'options.minDHSize is not a number: ' + options.minDHSize);
   assert(options.minDHSize > 0,
-         'options.minDHSize is not a posivie number: ' +
+         'options.minDHSize is not a positive number: ' +
          options.minDHSize);
 
   var hostname = options.servername ||
diff --git a/test/parallel/test-tls-client-mindhsize.js b/test/parallel/test-tls-client-mindhsize.js
index a497fdd9f2de62..a67a3cd67d983b 100644
--- a/test/parallel/test-tls-client-mindhsize.js
+++ b/test/parallel/test-tls-client-mindhsize.js
@@ -78,6 +78,15 @@ testDHE1024();
 assert.throws(() => test(512, true, assert.fail),
               /DH parameter is less than 1024 bits/);
 
+[0, -1, -Infinity, NaN].forEach(minDHSize => {
+  assert.throws(() => tls.connect({ minDHSize }),
+                /minDHSize is not a positive number/);
+});
+
+[true, false, null, undefined, {}, [], '', '1'].forEach(minDHSize => {
+  assert.throws(() => tls.connect({ minDHSize }), /minDHSize is not a number/);
+});
+
 process.on('exit', function() {
   assert.equal(nsuccess, 1);
   assert.equal(nerror, 1);