Latest SSL fixes that make all SSL tests pass
diff --git a/lib/crypto.js b/lib/crypto.js
index f88c55d..dedecc4 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -61,6 +61,32 @@ var StringDecoder = require('string_decoder').StringDecoder;
var CONTEXT_DEFAULT_OPTIONS = undefined;
+function getSecureOptions(secureProtocol, secureOptions) {
+ if (CONTEXT_DEFAULT_OPTIONS === undefined) {
+ var binding = process.binding('crypto');
+ CONTEXT_DEFAULT_OPTIONS = 0;
+
+ if (!binding.SSL3_ENABLE)
+ CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv3;
+
+ if (!binding.SSL2_ENABLE)
+ CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv2;
+ }
+
+ if (secureOptions === undefined) {
+ if (secureProtocol === undefined ||
+ secureProtocol === 'SSLv23_method' ||
+ secureProtocol === 'SSLv23_server_method' ||
+ secureProtocol === 'SSLv23_client_method') {
+ secureOptions |= CONTEXT_DEFAULT_OPTIONS;
+ }
+ }
+
+ return secureOptions;
+}
+exports._getSecureOptions = getSecureOptions;
+
+
function Credentials(secureProtocol, flags, context) {
if (!(this instanceof Credentials)) {
return new Credentials(secureProtocol, flags, context);
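Review bot: An explicitly supplied `secureOptions` skips the protocol defaults entirely, because the `if (secureOptions === undefined)` guard in `getSecureOptions` only ORs in `CONTEXT_DEFAULT_OPTIONS` when the caller passed nothing. A caller that sets `secureOptions` for an unrelated flag on an SSLv23 method therefore gets neither `SSL_OP_NO_SSLv3` nor `SSL_OP_NO_SSLv2`, even when the binding reports those protocols as disabled. If that override is intended, document it above the function, e.g. `// An explicit secureOptions replaces the defaults; callers must include SSL_OP_NO_SSLv3 / SSL_OP_NO_SSLv2 themselves.`; otherwise OR the defaults in whenever the method is one of the SSLv23 variants. The same helper feeds the `Server.prototype.setOptions` and `exports.connect` hunks in lib/tls.js, so the behaviour carries over there. The `Credentials` body that closes this hunk continues outside it.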
@@ -82,24 +108,7 @@ function Credentials(secureProtocol, flags, context) {
}
}
- if (CONTEXT_DEFAULT_OPTIONS === undefined) {
- CONTEXT_DEFAULT_OPTIONS = 0;
-
- if (!binding.SSL3_ENABLE)
- CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv3;
-
- if (!binding.SSL2_ENABLE)
- CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv2;
- }
-
- if (flags === undefined) {
- if (secureProtocol === undefined ||
- secureProtocol === 'SSLv23_method' ||
- secureProtocol === 'SSLv23_server_method' ||
- secureProtocol === 'SSLv23_client_method') {
- flags |= CONTEXT_DEFAULT_OPTIONS;
- }
- }
+ flags = getSecureOptions(secureProtocol, flags);
this.context.setOptions(flags);
}
diff --git a/lib/tls.js b/lib/tls.js
index 392f7ad..5133c23 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -1145,7 +1145,11 @@ function Server(/* [options], listener */) {
// constructor call
net.Server.call(this, function(socket) {
- var creds = crypto.createCredentials(null, sharedCreds.context);
+ var creds = crypto.createCredentials({
+ secureProtocol: self.secureProtocol,
+ secureOptions: self.secureOptions
+ },
+ sharedCreds.context);
var pair = new SecurePair(creds,
true,
@@ -1239,11 +1243,16 @@ Server.prototype.setOptions = function(options) {
if (options.secureProtocol) this.secureProtocol = options.secureProtocol;
if (options.crl) this.crl = options.crl;
if (options.ciphers) this.ciphers = options.ciphers;
- var secureOptions = options.secureOptions || 0;
+
+ var secureOptions = crypto._getSecureOptions(options.secureProtocol,
+ options.secureOptions);
+
if (options.honorCipherOrder) {
secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;
}
- if (secureOptions) this.secureOptions = secureOptions;
+
+ this.secureOptions = secureOptions;
+
if (options.NPNProtocols) convertNPNProtocols(options.NPNProtocols, this);
if (options.SNICallback) {
this.SNICallback = options.SNICallback;
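Review bot: `this.secureOptions = secureOptions;` now overwrites the stored value on every call, whereas the removed `if (secureOptions) this.secureOptions = secureOptions;` left an earlier value in place when nothing was passed. The helper is also given `options.secureProtocol` rather than `this.secureProtocol`, so a later call that omits the protocol is evaluated as if the default method were in use, even if an earlier call pinned a specific one. Passing the stored value would keep the two in step: `crypto._getSecureOptions(this.secureProtocol, options.secureOptions)`. `setOptions` starts and ends outside the hunk, so whether it is ever called more than once per server is not visible here.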
@@ -1326,6 +1335,8 @@ exports.connect = function(/* [port, host], options, cb */) {
};
options = util._extend(defaults, options || {});
+ options.secureOptions = crypto._getSecureOptions(options.secureProtocol,
+ options.secureOptions);
var socket = options.socket ? options.socket : new net.Stream();
var sslcontext = crypto.createCredentials(options);