
axios SSL error with Node 12 : SSL routines:ssl_choose_client_version:unsupported protocol

Tags: node.js, ssl, axios

I’m running into an issue with axios and Node 12. As I’m not sure this error is only related to axios, I followed the advice to ask on SO rather than opening a bug on axios’ GitHub.

Here is the code I’m trying to run :

const axios = require('axios')

axios({
  method: 'get',
  url: 'https://www.colisprive.com/moncolis/pages/detailColis.aspx?numColis=12345',
  responseType: 'text'
}).then((response) => {
  console.log(response)
})

This code fails on Node 12 with the following error:

Error: write EPROTO 140121214769024:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1929:

    at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:87:16)

The same code run against Node 11 doesn’t throw any error.

When I run curl -v, I get this:

*   Trying 91.208.224.32:443...
* TCP_NODELAY set
* Connected to www.colisprive.com (91.208.224.32) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: serialNumber=391029345; jurisdictionC=FR; businessCategory=Private Organization; C=FR; postalCode=13290; ST=Bouches-du-Rh�ne; L=AIX EN PROVENCE; street=1330 AV J R G GAUTIER DE LA LAUZIERE; street=ZI MILLES EUROPARC PICHAURY; O=COLIS PRIVE SAS; OU=0002 391029345; CN=www.colisprive.com
*  start date: Sep  3 00:00:00 2018 GMT
*  expire date: Sep  2 23:59:59 2020 GMT
*  subjectAltName: host "www.colisprive.com" matched cert's "www.colisprive.com"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Extended Validation Secure Server CA
*  SSL certificate verify ok.
> GET /moncolis/pages/detailColis.aspx?numColis=12345 HTTP/1.1
> Host: www.colisprive.com
> User-Agent: curl/7.65.3
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Location: /moncolis/Default.aspx?numColis=12345&cp=
< Server: Microsoft-IIS/7.5
< Set-Cookie: ASP.NET_SessionId=eln3cq143d35lfj5tpqkkwcg; path=/; HttpOnly
< X-Powered-By: Colis Priv�
< Date: Fri, 24 Jan 2020 13:48:35 GMT
< Content-Length: 162
< 
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/moncolis/Default.aspx?numColis=12345&amp;cp=">here</a>.</h2>
</body></html>
* Connection #0 to host www.colisprive.com left intact

As you can see, it gives a 302 Found with a Location header pointing to another endpoint. I agree it should answer a 301 Moved to indicate the document has moved, but this is not the case and it is handled as expected by axios on Node 11 (fetching the endpoint under the Location header).

I saw that Node 12 now includes TLS 1.3 as default, so this could be related to that…

Also, there is an unknown character in the X-Powered-By header.

I tried to:

  • reproduce this issue with an express server always replying 302 Found with the same headers: works as expected
  • fetch another .aspx web page with axios: works as expected
Nicolas Goudry asked Jan 24 '20 14:01


1 Answer

The problem is not just with axios but with got as well.

Node.js 12's default TLS settings are stricter now. The site doesn't handle TLS v1.2. Node 12 by default needs 1.2.

You can change this via a command line flag (--tls-min-v1.0) when running your app.

Something like this:

node --tls-min-v1.0 app.js
Ashish Modi answered Sep 26 '22 00:09
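A narrower alternative to the process-wide --tls-min-v1.0 flag, as an added example that is not part of the question or the answer above: lower the TLS floor only for the one legacy host by giving it its own https.Agent with the minVersion option, and leave every other connection on Node's default. The helper name agentFor and the host allowlist are assumptions made for this illustration.

```javascript
// Added example: scope the relaxed TLS floor to named legacy hosts only.
const https = require('https');

// Assumption: the only host that needs pre-1.2 TLS is the one from the question.
const LEGACY_TLS_HOSTS = new Map([
  ['www.colisprive.com', 'TLSv1'],
]);

// One agent per legacy host, created lazily so its connections are pooled.
const legacyAgents = new Map();

// Hypothetical helper: returns the https.Agent to use for a given URL.
function agentFor(url) {
  const { protocol, hostname } = new URL(url); // URL lowercases the hostname
  if (protocol !== 'https:') {
    throw new Error(`refusing non-HTTPS URL: ${url}`);
  }
  const minVersion = LEGACY_TLS_HOSTS.get(hostname);
  if (!minVersion) {
    return https.globalAgent; // Node's default TLS floor stays in force
  }
  if (!legacyAgents.has(hostname)) {
    legacyAgents.set(hostname, new https.Agent({
      minVersion,               // lowered floor, for this host only
      rejectUnauthorized: true, // certificate validation is not relaxed
      keepAlive: true,
    }));
  }
  return legacyAgents.get(hostname);
}

// Usage with axios (not executed here):
//   axios.get(url, { httpsAgent: agentFor(url), responseType: 'text' })
```

axios passes the same httpsAgent along when it follows redirects, so a redirect to a different host would also get the lowered floor; resolve the agent again per hop if the target can redirect off-host.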