
Node-fetch: Disable SSL verification

I have the following code, which is run from an Express server:

```javascript
import fetch from 'node-fetch';

// Wrapped in a function so the return statement is valid.
function login() {
  let formBody = [];

  const dataLogin = {
    'username': 'myUser',
    'password': 'myPassword'
  };

  // Build an application/x-www-form-urlencoded body.
  for (let p in dataLogin) {
    let encodedKey = encodeURIComponent(p);
    let encodedValue = encodeURIComponent(dataLogin[p]);
    formBody.push(encodedKey + "=" + encodedValue);
  }

  formBody = formBody.join("&");

  const url = 'https://external-login-api.com';

  return fetch(url, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      'Content-Length': formBody.length
    },
    body: formBody
  });
}
```

When I run the code I get the following error, despite being able to run the request in Postman with no problems.

{"message":"request to https://external-login-api.com failed, reason: write EPROTO 7316:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:openssl\ssl\statem\statem_clnt.c:1472:\n","type":"system","errno":"EPROTO","code":"EPROTO"}

How do I disable SSL verification for this request?

Allan Martins asked Sep 24 '18 11:09


People also ask

How do I ignore SSL in Axios?

You can configure axios to use a custom agent and set rejectUnauthorized to false for that agent: // At instance level const instance = axios.create({ httpsAgent: new https.Agent({ rejectUnauthorized: false }) }); instance.

How do I ignore certificate errors in curl command?

To ignore invalid and self-signed certificate checks on Curl, use the -k or --insecure command-line option. This option allows Curl to perform "insecure" SSL connections and skip SSL certificate checks while you still have SSL-encrypted communications.

What is Node_extra_ca_certs?

From Node version 7.3.0, the NODE_EXTRA_CA_CERTS environment variable is introduced to pass in a CA certificate file. This allows the “root” CAs to be extended with the extra certificates in the file. The file should consist of one or more trusted certificates in PEM format.


2 Answers

The other way to do it is to set your own agent on the fetch call.

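```javascript
const fetch = require('node-fetch');
const https = require('https');

// rejectUnauthorized: false turns off certificate verification for every
// request sent through this agent.
const httpsAgent = new https.Agent({
  rejectUnauthorized: false,
});

// url, headers and body are supplied by the caller.
async function post(url, headers, body) {
  const response = await fetch(url, {
    method: 'POST',
    headers: headers,
    body: body,
    agent: httpsAgent,
  });
  return response;
}
```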
Karthik answered Nov 03 '22 22:11


process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; 

Will ensure you ignore any rejected TLS certificates, or you can set this as an environment variable when running your node service. However, this will likely not help, and is probably a bad idea. The SSL error is not because the certificate is invalid (such as a self-signed certificate) but instead because of a weak Diffie-Hellman key in the SSL/TLS configuration.

If this is a service you're hosting, you should look at correcting and improving your TLS/SSL ciphers. See this answer for more information.

The important part is:

You should use 2048-bit Diffie-Hellman groups or larger. You should not be using 512-bit or 1024-bit Diffie-Hellman groups.

If this is a third-party service, you should consider contacting them or using a different service, as they are leaving themselves open to the Logjam attack, which is also discussed in the answer linked above.

Elliot Blackburn answered Nov 03 '22 23:11
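
The distinction drawn in the answer above (a certificate verification failure versus a weak Diffie-Hellman key rejected during the handshake) can be checked from the error object before any TLS setting is changed. This is an added example, not code from the question or the answers; `classifyTlsError` and its result fields are hypothetical names, the first sample is the error from the question, and the second sample is constructed.

```javascript
// Added example. classifyTlsError and its result fields are hypothetical names.

// Node error codes raised when certificate verification fails. Only these
// are influenced by rejectUnauthorized / NODE_TLS_REJECT_UNAUTHORIZED.
const CERT_VERIFY_CODES = new Set([
  'DEPTH_ZERO_SELF_SIGNED_CERT',
  'SELF_SIGNED_CERT_IN_CHAIN',
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
  'CERT_HAS_EXPIRED',
  'ERR_TLS_CERT_ALTNAME_INVALID',
]);

// OpenSSL error line: error:<hex code>:<library>:<function>:<reason>:
// (the function field is empty in OpenSSL 3.x output).
const OPENSSL_ERR = /error:([0-9A-Fa-f]{8}):([^:]+):([^:]*):([^:]+):/;

function classifyTlsError(err) {
  const code = err.code || '';
  const match = OPENSSL_ERR.exec(err.message || '');
  const reason = match ? match[4] : null;
  if (CERT_VERIFY_CODES.has(code)) {
    return { kind: 'certificate', reason: code, verificationRelated: true };
  }
  if (reason && /dh key too small/i.test(reason)) {
    // The client's OpenSSL rejected the server's DH parameters. Certificate
    // checks are not involved; the fix is a 2048-bit or larger group server-side.
    return { kind: 'weak-dh', reason, verificationRelated: false };
  }
  if (match) {
    return { kind: 'handshake', reason, verificationRelated: false };
  }
  return { kind: 'other', reason: code || null, verificationRelated: false };
}

// Error object from the question (backslashes escaped for a JS string).
const QUESTION_ERROR = {
  message: 'request to https://external-login-api.com failed, reason: write EPROTO ' +
    '7316:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:' +
    'openssl\\ssl\\statem\\statem_clnt.c:1472:\n',
  type: 'system', errno: 'EPROTO', code: 'EPROTO',
};

// Constructed sample: a self-signed certificate failure.
const SELF_SIGNED_ERROR = {
  message: 'request to https://internal.example failed, reason: self signed certificate',
  type: 'system', code: 'DEPTH_ZERO_SELF_SIGNED_CERT',
};

console.log(classifyTlsError(QUESTION_ERROR));
console.log(classifyTlsError(SELF_SIGNED_ERROR));
```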