I have simple Node.js HTTPS server
const https = require('https'); const fs = require('fs'); const config = { key: fs.readFileSync('cert/server-key.pem'), cert: fs.readFileSync('cert/server-crt.pem'), ca: fs.readFileSync('cert/ca-crt.pem'), }; const server = https.createServer(config, ((req, res) => { console.log('Got request'); res.end(); })); server.listen(3333); I use curl on embedded system.
# curl -V curl 7.52.1 (arm-unknown-linux-gnu) libcurl/7.52.1 wolfSSL/3.9.8 Protocols: file ftp ftps http https smtp smtps telnet tftp Features: IPv6 Largefile SSL UnixSockets When I use Node.js other then version 10 - everything works nicely.
HTTPS server running on Node.js v8.2.1
# curl -k -v "https://10.43.11.128:3333/" * Trying 10.43.11.128... * TCP_NODELAY set * Connected to 10.43.11.128 (10.43.11.128) port 3333 (#0) * SSL connected > GET / HTTP/1.1 > Host: 10.43.11.128:3333 > User-Agent: curl/7.52.1 > Accept: */* HTTPS server running on Node.js v10.1.0
# curl -k -v "https://10.43.11.128:3333/" * Trying 10.43.11.128... * TCP_NODELAY set * Connected to 10.43.11.128 (10.43.11.128) port 3333 (#0) * SSL_connect failed with error -313: revcd alert fatal error * Curl_http_done: called premature == 1 * Closing connection 0 curl: (35) SSL_connect failed with error -313: revcd alert fatal error What has changed in Node.js 10 with regards to HTTPS? I suspect I'll have to change SSL settings but I am to sure how.
UPDATES:
Trying to access HTTP (Node.js v10.1.0)
# curl --insecure -v "10.43.11.128:3333/" * Trying 10.43.11.128... * TCP_NODELAY set * Connected to 10.43.11.128 (10.43.11.128) port 3333 (#0) > GET / HTTP/1.1 > Host: 10.43.11.128:3333 > User-Agent: curl/7.52.1 > Accept: */* > * Curl_http_done: called premature == 0 * Empty reply from server * Connection #0 to host 10.43.11.128 left intact curl: (52) Empty reply from server Wireshark captured pcap file.
2 Answers
Answers 1
Validate which headers curl sends, you can use the -v argument for that.
curl -vIX "https://10.43.11.128:3333/"
also In node,
just console.log(req._headers) after req.end() and compare your header to further solve the problem.Also i request to try wireshark (http://www.wireshark.org/) for ssl connection testing.
As it's working by --insecure but you need to know the reason.
--insecure
- (SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless -k, --insecure is used.
Also can you please try this
const https = require("https"), fs = require("fs"); const options = { key: fs.readFileSync("/cert/server-key.pem"), cert: fs.readFileSync("/cert/server-cert.pem") }; const app = express(); app.use((req, res) => { res.writeHead(200); res.end("hello world\n"); }); app.listen(8000); https.createServer(options, app).listen(8080); Answers 2
Problem is that the client is not broadcasting support for a cipher suite or extension that the server requires.
Some common solutions to this problem may be: - If using ECC, the server requires the Supported Curves Extension to be enabled. Compile wolfSSL with "--enable-supported curves" to resolve. - wolfSSL has static key cipher suites disabled by default for security. Please see note at the top of the README for instructions on re-enabling static-key cipher suites if your server requires them.
Here is the Thread which discuses the error which you have received . Hope this fixes you issue
0 comments:
Post a Comment