I have a simple Node.js HTTPS server:
const https = require('https');
const fs = require('fs');

// Server key and certificate, plus the CA certificate, loaded from disk.
const config = {
  key: fs.readFileSync('cert/server-key.pem'),
  cert: fs.readFileSync('cert/server-crt.pem'),
  ca: fs.readFileSync('cert/ca-crt.pem'),
};

// Log each request and reply with an empty body.
const server = https.createServer(config, ((req, res) => {
  console.log('Got request');
  res.end();
}));
server.listen(3333);
I use curl on an embedded system.
# curl -V
curl 7.52.1 (arm-unknown-linux-gnu) libcurl/7.52.1 wolfSSL/3.9.8
Protocols: file ftp ftps http https smtp smtps telnet tftp
Features: IPv6 Largefile SSL UnixSockets
When I use Node.js other than version 10, everything works nicely.
HTTPS server running on Node.js v8.2.1
# curl -k -v "https://10.43.11.128:3333/"
* Trying 10.43.11.128...
* TCP_NODELAY set
* Connected to 10.43.11.128 (10.43.11.128) port 3333 (#0)
* SSL connected
> GET / HTTP/1.1
> Host: 10.43.11.128:3333
> User-Agent: curl/7.52.1
> Accept: */*
HTTPS server running on Node.js v10.1.0
# curl -k -v "https://10.43.11.128:3333/"
* Trying 10.43.11.128...
* TCP_NODELAY set
* Connected to 10.43.11.128 (10.43.11.128) port 3333 (#0)
* SSL_connect failed with error -313: revcd alert fatal error
* Curl_http_done: called premature == 1
* Closing connection 0
curl: (35) SSL_connect failed with error -313: revcd alert fatal error
What has changed in Node.js 10 with regard to HTTPS? I suspect I'll have to change SSL settings but I am not sure how.
UPDATES:
Trying to access HTTP (Node.js v10.1.0)
# curl --insecure -v "10.43.11.128:3333/"
* Trying 10.43.11.128...
* TCP_NODELAY set
* Connected to 10.43.11.128 (10.43.11.128) port 3333 (#0)
> GET / HTTP/1.1
> Host: 10.43.11.128:3333
> User-Agent: curl/7.52.1
> Accept: */*
>
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host 10.43.11.128 left intact
curl: (52) Empty reply from server
Wireshark captured pcap file.
The easiest solution to resolve these errors is to use the “rejectUnauthorized” option shown below. However, this method is unsafe because it disables the server certificate verification, making the Node app open to MITM attacks.
To start your HTTPS server, run node app.js (here, app.js is the name of the file) on the terminal, or in your browser, by going to https://localhost:8000.
process.env.NODE_EXTRA_CA_CERTS: process stores information about the Node process running; env stores all the environment variables (that get populated by dotenv-webpack).
The problem is that the client is not broadcasting support for a cipher suite or extension that the server requires.
Some common solutions to this problem may be:
- If using ECC, the server requires the Supported Curves Extension to be enabled. Compile wolfSSL with "--enable-supportedcurves" to resolve.
- wolfSSL has static key cipher suites disabled by default for security. Please see the note at the top of the README for instructions on re-enabling static-key cipher suites if your server requires them.
Here is the thread which discusses the error which you have received. Hope this fixes your issue.
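To check the answer's hypothesis against a capture like the Wireshark pcap mentioned in the question, the following added example (not code from the original post or from wolfSSL) parses a ClientHello record and reports which cipher suites it offers and whether the supported_groups (Supported Curves) extension is present. The `SUITES` table is a partial list, `buildHello` is a hypothetical helper, and the bytes it produces are constructed sample input, not the poster's traffic.

```javascript
// Partial name table (IANA values); anything else is reported as hex.
const SUITES = {
  0x002f: 'TLS_RSA_WITH_AES_128_CBC_SHA', 0x0035: 'TLS_RSA_WITH_AES_256_CBC_SHA',
  0x009c: 'TLS_RSA_WITH_AES_128_GCM_SHA256', 0xc02b: 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
  0xc02f: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 0xc030: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
};
const EXT_SUPPORTED_GROUPS = 10; // called "elliptic_curves" in RFC 4492

// Parse one TLS record that holds a complete ClientHello.
function parseClientHello(buf) {
  if (buf.length < 44 || buf[0] !== 0x16 || buf[5] !== 0x01) throw new Error('not a ClientHello record');
  let p = 5 + 4 + 2 + 32;                  // record hdr, handshake hdr, version, random
  p += 1 + buf[p];                         // skip session_id
  const csLen = buf.readUInt16BE(p); p += 2;
  const suites = [];
  for (let i = 0; i < csLen; i += 2) suites.push(buf.readUInt16BE(p + i));
  p += csLen;
  p += 1 + buf[p];                         // skip compression_methods
  const extensions = new Map();
  if (p < buf.length) {                    // the extensions block is optional
    const end = p + 2 + buf.readUInt16BE(p); p += 2;
    while (p + 4 <= end) {
      const type = buf.readUInt16BE(p), len = buf.readUInt16BE(p + 2);
      extensions.set(type, buf.subarray(p + 4, p + 4 + len));
      p += 4 + len;
    }
  }
  return { suites, extensions };
}

// Report the two conditions the answer names: missing extension, no ECC suites.
function diagnose(buf) {
  const { suites, extensions } = parseClientHello(buf);
  const names = suites.map((s) => SUITES[s] || '0x' + s.toString(16).padStart(4, '0'));
  const findings = [];
  const offersEcc = names.some((n) => n.includes('_ECDHE_'));
  if (offersEcc && !extensions.has(EXT_SUPPORTED_GROUPS)) findings.push('ECDHE suites offered without supported_groups');
  if (!offersEcc) findings.push('no known ECDHE suite offered');
  return { names, findings };
}

// Constructed sample input: a minimal ClientHello with the given suites and extensions.
function buildHello(suites, exts = []) {
  const u16 = (n) => Buffer.from([n >> 8, n & 0xff]);
  const extBytes = Buffer.concat(exts.map(([t, d]) => Buffer.concat([u16(t), u16(d.length), d])));
  const body = Buffer.concat([u16(0x0303), Buffer.alloc(32), Buffer.from([0]),
    u16(suites.length * 2), ...suites.map((s) => u16(s)), Buffer.from([1, 0]),
    ...(exts.length ? [u16(extBytes.length), extBytes] : [])]);
  const hs = Buffer.concat([Buffer.from([1, 0]), u16(body.length), body]);
  return Buffer.concat([Buffer.from([0x16, 0x03, 0x01]), u16(hs.length), hs]);
}
```

To use it on real traffic, pass `diagnose` the raw bytes of the first TLS record the client sends; a finding about supported_groups points at the first fix in the answer, and "no known ECDHE suite offered" points at the second.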