MLE-16819 : Support TLSv1.3 via Node Client

Author: anu3990

lib/marklogic.js

@@ -793,6 +793,9 @@ function initClient(client, inputParams) {
       mlutil.copyProperties(inputParams, agentOptions, [
         'keepAliveMsecs', 'maxCachedSessions', 'maxFreeSockets', 'maxSockets', 'maxTotalSockets', 'scheduling', 'timeout'
       ]);
+      agentOptions.secureProtocol = 'TLS_method';
+      agentOptions.secureOptions = require('constants').SSL_OP_NO_TLSv1 | require('constants').SSL_OP_NO_TLSv1_1;
+
       connectionParams.agent = new https.Agent(agentOptions);
     } else {
       connectionParams.agent = inputParams.agent;

test-basic/ssl-min-allow-tls-test.js

@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2025 MarkLogic Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+let testconfig = require('../etc/test-config.js');
+let should = require('should');
+let marklogic = require('../');
+const { exec } = require('child_process');
+let db = marklogic.createDatabaseClient(testconfig.restWriterConnection);
+
+describe('document content', function(){
+    this.timeout(5000);
+    before(function(done){
+        updateTlsVersion('TLSv1.3');
+        setTimeout(()=>{done();}, 3000);
+    });
+
+    after(function(done){
+        db.documents.remove('/test/write_tlsV1.3.json', '/test/write_tlsV1.2.json')
+            .result(()=> done())
+            .catch(error=> done(error));
+    });
+
+    it('should write document with minimum TLS versions 1.3 and 1.2', function (done) {
+
+        db.documents.write({
+            uri: '/test/write_tlsV1.3.json',
+            contentType: 'application/json',
+            content: '{"key1":"With TLS 1.3"}'
+        })
+            .result(function (response) {
+                db.documents.read('/test/write_tlsV1.3.json')
+                    .result(function (documents) {
+                        documents[0].content.should.have.property('key1');
+                        documents[0].content.key1.should.equal('With TLS 1.3');
+
+                    }).then(()=>{
+                    updateTlsVersion('TLSv1.2');
+                    })
+                    .then(() => {
+                        db.documents.write({
+                            uri: '/test/write_tlsV1.2.json',
+                            contentType: 'application/json',
+                            content: '{"key1":"With TLS 1.2"}'
+                        }).result(function () {
+                            db.documents.read('/test/write_tlsV1.2.json')
+                                .result(function (documents) {
+                                    documents[0].content.should.have.property('key1');
+                                    documents[0].content.key1.should.equal('With TLS 1.2');
+                                    done();
+                                })
+                        })
+                })
+                    .catch(error => done(error));
+            })
+            .catch(error => done(error));
+    });
+})
+
+function updateTlsVersion(tlsVersion) {
+    return new Promise((resolve, reject) => {
+        const curlCommand = `
+                curl --anyauth --user admin:admin -X PUT -H "Content-Type: application/json" \\
+    -d '{"ssl-min-allow-tls": "${tlsVersion}"}' \\
+    'http://localhost:8002/manage/v2/servers/unittest-nodeapi/properties?group-id=Default'
+        `;
+        exec(curlCommand, (error, stdout, stderr) => {
+            if (error) {
+                throw new Error(`Error executing curl: ${stderr}`);
+            }
+        });
+    });
+}