
How to log SSL handshake in node's https module

Tags: node.js, https, ssl

I have a server written in node which implements a secure two-way SSL web-server:

var https = require('https');
var express = require('express');
var app = express();

var options = {
  key: ...,
  cert: ...,
  ca: ...,
  requestCert: true,
  rejectUnauthorized: true
};
https.createServer(options, app).listen(port, host);

But for some unknown reason, the client fails to connect. So it would be great if I could get any logs on why the connection has failed.

So far, all the logs I can get come from app, which is an express object. But the problem is that when a connection is rejected due to a certificate issue, it does not reach express, so I get no error logs. How can I get logs from the https server?

asked Apr 18 '18 14:04 by Mehran


1 Answer

I've run into this problem as well and while I couldn't come up with a solution that logs all the errors within the https module, I was able to get it to log debug information by using:

NODE_DEBUG='tls,https' node server.js

This isn't ideal, as it doesn't give you the exact error (e.g. Bad SSL Handshake) and the related traceback, but it does give you information like TLS: onhandshakestart, which lets you figure out if there was an error if you can't find a corresponding TLS: onhandshakeend in the logs.

answered Oct 27 '22 00:10 by Gaurav Dadhania
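
Added example, not part of the question or the answer above: besides NODE_DEBUG, the server object returned by https.createServer emits 'tlsClientError' for handshakes that fail before a secure connection is established and 'secureConnection' for handshakes that complete, so both outcomes can be logged without going through Express. The helper names attachTlsLogging and peerOf and the log record fields are assumptions made for this sketch.

```javascript
// Added example, not from the original post. attachTlsLogging and peerOf are
// hypothetical helper names; the events and socket properties are Node's own.

// "address:port" of the remote end; either part may be undefined if the
// socket was already torn down when the event fired.
function peerOf(socket) {
  return `${socket.remoteAddress || '?'}:${socket.remotePort || '?'}`;
}

// Attach handshake logging to an https.Server (or tls.Server).
// `log` is called with one plain object per handshake outcome.
function attachTlsLogging(server, log) {
  // 'tlsClientError' fires when an error occurs before the secure connection
  // is established, so these failures never reach the Express app.
  server.on('tlsClientError', (err, socket) => {
    log({
      event: 'tls_handshake_failed',
      peer: peerOf(socket),
      code: err.code || null,            // e.g. 'ECONNRESET'
      message: err.message,
      // Present when Node recorded a client-certificate verification failure.
      authorizationError: socket.authorizationError || null,
    });
  });

  // 'secureConnection' fires after a completed handshake.
  server.on('secureConnection', (socket) => {
    const cert = socket.getPeerCertificate();
    log({
      event: 'tls_handshake_ok',
      peer: peerOf(socket),
      protocol: socket.getProtocol(),    // e.g. 'TLSv1.2'
      authorized: socket.authorized,
      clientCN: cert && cert.subject ? cert.subject.CN : null,
    });
  });
  return server;
}

// Usage with the server from the question:
//   attachTlsLogging(https.createServer(options, app), console.error)
//     .listen(port, host);
```

The failed-handshake record is the one to alert on; the successful one gives a baseline of which client certificates and protocol versions normally connect.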