-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL Handshake Error using node >= 8.6.0 #16196
Comments
#15206 is indeed the PR that is responsible for this change. I assume you don't pass an explicit It sounds like #15206 slipped in an accidental bug fix because @nodejs/security What do we want to do? |
No I don't pass an explicit curve but I did verify that passing it in works (thanks for pointing that out!): const req = require('https').request(
{
...require('url').parse('https://my-domain.com'),
method: 'GET',
ecdhCurve: 'secp384r1' // 'auto' also works
},
res => res.on('data', d => process.stdout.write(d))
);
req.on('error', e => console.error(e));
req.end(); So I guess the question now is the whether this is considered a bugfix (and therefore I should just start passing the As a side note: I actually wasn't aware the
I thought that I would only be able to pass the |
It's not completely fool-proof at the moment. If you make two requests to the same host using the same agent but with different If you'd like to work on that, the logic is in Ideally, every option to |
Hi all, |
@bnoordhuis Ah I see now. Yeah I'll work something up and submit a PR. Looking at the options that are already there, I'm thinking it's reasonable to add support for the rest of the As for supporting all options, I agree that supporting everything through something like |
@rogaps that sounds reasonable to me. I think the main question would be if there are any security concerns involved with being more permissive in the selection of the curve (I don't actually know if there are, just playing devil's advocate). |
@princjef Yes, sounds good.
@rogaps That's an option for v9.x, but not v8.x as that branch has been released, is stable and about to go LTS. Related issue: #1495 |
The default value of This breaks the |
I'll close this out because it looks like we're not going to roll back the change and as a question it's been answered. @Hativ3 Can you open a new issue or pull request? |
Reopening, more discussion is probably warranted. See nodejs/help#968 where a previously working combination of options no longer works. @nodejs/crypto Thoughts on making |
@bnoordhuis #16853 contains that change, and looks to have been fully approved. |
Setting |
For best out-of-the-box compatibility there should not be one default `ecdhCurve` for the tls client, OpenSSL should choose them automatically. See https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3) PR-URL: #16853 Refs: #16196 Refs: #1495 Refs: #15206 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
I see merges but unsure if this is resolved. Do I still need to roll back to an earlier version of Node 8.5.x for now? Is the merges on a 9.x.x release? I'm on the same setup as @bmonty |
@dandigangi You mean #16853? No, that one is semver-major, it's going into node 10. |
Got it. I should have figured that. I don't know what happened exactly but I ended up go forward to 9.3.0 today. Not sure if that solved it but it is working again. |
The HTTP Node now uses auto for ecdhCurve for SSL connections. This fixes the SSL handshake error while connecting to some Zulip instances. Setting the ecdhCurve to auto is the recommended method for Node > 8.5, more info here - nodejs/node#16196
The HTTP Node now uses auto for ecdhCurve for SSL connections. This fixes the SSL handshake error while connecting to some Zulip instances. Setting the ecdhCurve to auto is the recommended method for Node > 8.5, more info here - nodejs/node#16196 Fixes: #594.
The HTTP Node now uses auto for ecdhCurve for SSL connections. This fixes the SSL handshake error while connecting to some Zulip instances. Setting the ecdhCurve to auto is the recommended method for Node > 8.5, more info here - nodejs/node#16196 Fixes: zulip#594.
The HTTP Node now uses auto for ecdhCurve for SSL connections. This fixes the SSL handshake error while connecting to some Zulip instances. Setting the ecdhCurve to auto is the recommended method for Node > 8.5, more info here - nodejs/node#16196 Fixes: zulip#594.
adding |
I just ran into this issue with Node v8.12.0. Here’s curl (7.54.0):
What is the preferred work around? Globally, like @fabricecolas suggests, or passing request options? |
It's up to your preference. Global makes the behaviour the same across node versions (but if anyone is using specific request options the global default will get ignored). |
The HTTP Node now uses auto for ecdhCurve for SSL connections. This fixes the SSL handshake error while connecting to some Zulip instances. Setting the ecdhCurve to auto is the recommended method for Node > 8.5, more info here - nodejs/node#16196 Fixes: zulip#594.
Starting with node 8.6.0, whenever I try to make an https call to an nginx server that I'm running (be it through a library like
request
or usinghttps.request()
directly), I always get the following error:I'll admit up front that I'm not the most knowledgeable when it comes to security, but I'm able to talk to my server if I use node 8.5.0 (as well as several previous versions of node 6 and 8), all major web browsers and curl, so it seems like there's something special about more recent versions of node that's causing something strange to happen.
After some digging, I found that Node 8.5.0, Chrome, Firefox, and curl all communicate with my server using the
ECDHE-RSA-AES256-GCM-SHA384
cipher, which is present on both the default list of TLS Ciphers and the list of ciphers my server accepts (see below).However, when communicating using Node 8.6.0/8.7.0 and changing the accepted ciphers on the server to
ALL
to get the request to complete, I see that cipher ends up beingAES256-GCM-SHA384
instead. As far as I can tell (though I don't know much about SSL/TLS ciphers), the Node client and the nginx server are unable to agree on an ECDH curve, so ECDH is dropped from the cipher, which causes an impermissible cipher to be used (and subsequently rejected).With that in mind, I'm also able to get the request to succeed with Node 8.7.0 if I drop the
secp384r1
ECDH curve requirement from my nginx config, which drops it back to the default (auto
, I believe). When the ECDH curve requirement is removed, Node 8.7.0 completes the request using the sameECDHE-RSA-AES256-GCM-SHA384
cipher as everything else. So ultimately, this seems to be a change in the ECDH curves Node allows/supports.Having poked around the commits that went into the 8.6.0 release, I believe this PR made the change that caused this scenario to break. What I'm less sure of is why that change broke it and whether support for the
secp384r1
ECDH curve was removed intentionally or not. I'm not necessarily opposed to removing thesecp384r1
configuration from my server, but I figure that it's probably best if I can follow the recommendations of https://cipherli.st/ if possible.Thanks for your time and effort to look at this issue. I'd be more than happy to provide more information and/or test things out on my end. I would also love to help with a fix for this, but I'm afraid I'm not knowledgeable enough about security/crypto to really be able to understand what's going on at a code level.
For reference, here's the relevant information about the nginx server (most configuration is lifted from https://cipherli.st/):
Configuration
When
The text was updated successfully, but these errors were encountered: