I was using iojs and koa in my application and recently I decided to update iojs to nodejs v4.4.4. The update was very smooth and my application was running in no time. The problem is that I am using a self signed SSL certificate on my development machine, and after I updated to nodejs I receive the following message when I try to access the website:
This site can’t provide a secure connection
localhost uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.
I am using nvm so I tried switching to iojs and the website was working again.
After some reading I found out that I have to update the openssl to version 1.0.2g instead of the 1.0.1g that I used to create the .key and .crt files. So I updated openssl and generated new key and certificate files like this:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
Sadly this did not resolve the issue.
This is the code that I use to set up the https on the server:
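const fs = require('fs');

// Key and certificate generated with the openssl command above
let sslOptions = {
  key: fs.readFileSync('/etc/apache2/ssl/apache.key'),
  cert: fs.readFileSync('/etc/apache2/ssl/apache.crt')
};
// app is the koa application
let server = require('https').createServer(sslOptions, app.callback());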
Am I doing something wrong? Why does it work with iojs and does not work with nodejs?
Judging by the error message there is nothing wrong with the self signed certificate. But the 'server' offering the ssl connection doesn't support a suitable combination of protocol version and cipher suite.
openssl s_client -connect localhost:443
or more verbose
openssl s_client -connect localhost:443 -debug
might tell you what's going wrong during the ssl handshake.
You can also find out what combinations are provided with a tool called sslscan
apt-get install sslscan
sslscan localhost:443
sslscan localhost:443 | grep Accepted
In the end you'll want to configure the ciphersuites your https server offers by providing more ssloptions.
See here https://certsimple.com/blog/a-plus-node-js-ssl
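Added example, not part of the original answer: one way to put explicit cipher and protocol settings into the `sslOptions` object and to check a cipher string locally before serving with it. The function names and both cipher strings are constructed for illustration, and it assumes a current Node.js release where the `minVersion` option is available.

```javascript
// Added example, not from the original post. All names below are assumptions.
const tls = require('tls');

// Name fragments that mark a suite or alias as weak (RC4 is the one the
// browser error message calls out).
const WEAK = /RC4|DES|MD5|NULL|EXP|ADH|AECDH|LOW/i;

// Constructed cipher strings: a legacy-style list next to a modern one.
const LEGACY_CIPHERS = 'RC4-SHA:DES-CBC3-SHA:AES128-SHA:!aNULL';
const MODERN_CIPHERS = [
  'ECDHE-RSA-AES128-GCM-SHA256',
  'ECDHE-RSA-AES256-GCM-SHA384',
  'ECDHE-RSA-CHACHA20-POLY1305',
  '!aNULL', '!RC4', '!MD5',
].join(':');

// Sort the explicitly named suites of an OpenSSL cipher string into weak,
// usable (known to this Node build) and unsupported. Aliases such as HIGH
// are not expanded, and "!"/"-" exclusions are skipped.
function auditCipherString(cipherString) {
  const known = new Set(tls.getCiphers()); // lower-case suite names
  const report = { weak: [], usable: [], unsupported: [] };
  for (const raw of cipherString.split(':')) {
    const name = raw.trim().replace(/^\+/, '');
    if (!name || /^[!-]/.test(name)) continue;
    if (WEAK.test(name)) report.weak.push(name);
    else if (known.has(name.toLowerCase())) report.usable.push(name);
    else if (/[-_]/.test(name)) report.unsupported.push(name);
  }
  return report;
}

// Extend the question's { key, cert } options with explicit TLS settings.
function hardenedOptions(key, cert) {
  return { key, cert, ciphers: MODERN_CIPHERS, honorCipherOrder: true, minVersion: 'TLSv1.2' };
}

// True when this Node/OpenSSL build accepts the cipher string and version floor.
function contextAccepts({ ciphers, minVersion }) {
  try {
    tls.createSecureContext({ ciphers, minVersion });
    return true;
  } catch (err) {
    return false;
  }
}
```

The object returned by `hardenedOptions(key, cert)` can be passed to `require('https').createServer(...)` in place of the two-field `sslOptions`; `sslscan localhost:443 | grep Accepted` then shows what the server actually offers.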
There will be a truststore (keystore) file, where all trusted certificates need to be registered. You will have to register this newly created certificate there. Client uses that truststore file to check whether a certificate can be trusted or not.
For more details, you can refer to the link below:
Creating Self Signed Certificates (openssl & keytool)
I hope it helps.