Configure https agent to allow only TLS1.2 for outgoing requests

I'm making HTTPS connections from a node app, using a client certificate:

var fs = require('fs');
var https = require('https');

var options = {
    hostname: 'my-server.com',   // host name only; the scheme is implied by the https module
    port: 443,
    path: '/',
    method: 'GET',
    key: fs.readFileSync('client1-key.pem'),
    cert: fs.readFileSync('client1-crt.pem'),
    ca: fs.readFileSync('ca-crt.pem')
};

var req = https.request(options, res => {
    // [...]
});
req.end();

Everything is working fine, however I want to add code to ensure only TLS 1.2 connections are allowed. I cannot find any way to configure this in the https.agent options, or elsewhere. Is it possible to configure this, or do I have to make a connection and then query the protocol version, with something like:

res.socket.getProtocol() === 'TLSv1.2'

and abort the connection if the protocol is not satisfactory?

asked Jun 19 '17 11:06 by JHH

1 Answer

First I found the docs on making HTTPS requests. It mentions that you can pass additional options to tls.connect() which includes something called secureProtocol. Digging into tls.connect(), I found the secureContext option which mentions tls.createSecureContext(). And there it finally mentions secureProtocol which can be specified with a string from an OpenSSL page. I picked a string that looked reasonable (TLSv1_2_method) and passed the secureProtocol option directly into https.request.

This prints SSL Version: TLS 1.2 with the given secureProtocol and SSL Version: TLS 1.1 with secureProtocol: "TLSv1_1_method". The error handler at the end will get called if a connection cannot be established with the given TLS version.

var https = require('https')

var options = {
  hostname: 'www.howsmyssl.com',
  port: 443,
  path: '/a/check',
  method: 'GET',
  // Passed straight through to tls.connect(); forces a TLS 1.2-only handshake.
  secureProtocol: "TLSv1_2_method"
}

https.request(options, res => {
  let body = ''
  res.on('data', d => body += d)
  res.on('end', () => {
    // howsmyssl.com reports the version it saw on the wire.
    const data = JSON.parse(body)
    console.log('SSL Version: ' + data.tls_version)
  })
}).on('error', err => {
  // This gets called if a connection cannot be established.
  console.warn(err)
}).end()
answered Sep 22 '22 18:09 by supersam654