
Insecure Defaults Allow MITM Over TLS - nailer
https://nodesecurity.io/advisories/99
======
nailer
Short ver: setting 'rejectUnauthorized' to 'null' (which should mean 'not
set') becomes false, meaning socketio will accept untrusted certs.

It's probably better long-term to rename the option to avoid ambiguity that
comes from double negatives: eg, 'acceptUntrusted'

