How to fix: "EPROTO" Error after upgrading Node's version

Question

The following code works on Node's v10.15.3 version:

const { post } = require('request');

post({
  url: 'https://cidadao.sinesp.gov.br/sinesp-cidadao/mobile/consultar-placa/v4',
  body: '<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<v:Envelope xmlns:v=\"http://schemas.xmlsoap.org/soap/envelope/\">\n  <v:Header>\n    <b>LGE Nexus 5</b>\n    <c>ANDROID</c>\n    <d>v4</d>\n    <e>4.3.2</e>\n    <f>98.193.54.223</f>\n    <g>514650d8dba4784ed08b5a029583576361a50bc5</g>\n    <h>-3272.3179572637086</h>\n    <i>940.839492700698</i>\n    <j/>\n    <k/>\n    <l>2019-05-24 10:24:35</l>\n    <m>8797e74f0d6eb7b1ff3dc114d4aa12d3</m>\n  </v:Header>\n  <v:Body xmlns:n0=\"http://soap.ws.placa.service.sinesp.serpro.gov.br/\">\n    <n0:getStatus>\n      <a>LSU3J43</a>\n    </n0:getStatus>\n  </v:Body>\n</v:Envelope>',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
    'User-Agent': 'SinespCidadao / 3.0.2.1 CFNetwork / 758.2.8 Darwin / 15.0.0',
    Host: 'cidadao.sinesp.gov.br'
  },
}, (err, httpResponse, body) => {
  if (err) return console.error(err);
  console.log(JSON.stringify(httpResponse));
});

But after upgrading to v12.2.0 or above I got the following error:

Error: write EPROTO 17432:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:c:\ws\deps\openssl\openssl\ssl\statem\statem_lib.c:1922:

    at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:83:16) {
  errno: 'EPROTO',
  code: 'EPROTO',
  syscall: 'write'
}

How can I fix it?

Answer 1

As the same code works on Node.js v10.15.3, but not work on v12.2.0, and the error message indicates "unsupported protocol", the most possible root cause of this issue is: the minimal supported TLS version in Node.js 10 is TLSv1.0, but since v11.4.0, it is raised to TLSv1.2 (tls.DEFAULT_MIN_VERSION). I suspect the certificate of cidadao.sinesp.gov.br is signed with TLSv1.0, which works on Node.js v10.15.3, but not on v12.2.0.

To make Node.js accept TLSv1.0, you can lauch Node.js process with --tls-min-v1.0 option.

I made an experiment and it works well:

BTW, the certificate of cidadao.sinesp.gov.br is invalid now. It has been expired since May 2018 -- as the OP mentioned, the request should be sent from Brazil (or through proxy node in Brazil).