I am using CometD library for nodejs on server side using the https://www.npmjs.com/package/cometd-nodejs-client. The server (Genesys) that I am trying to connect uses SSL, due to SSL cert I am getting SSL error when connecting to the server using CometD. My question is that is there a way to pass the ca cert to CometD library (https://www.npmjs.com/package/cometd)?
The XMLHttpRequest provided by the CometD library exposes a _config() function that returns a configuration object that is passed to Node's http.request(...), allowing you to configure TLS if so you need.
You can refer to this test case:
https://github.com/cometd/cometd-nodejs-client/blob/1.3.0/test/https.js#L53
I am also seeing a similar issue when using CometD and CometD Client packages to connect to Genesys.
I have a nodejs server that adds all the /meta/handshake, /meta/connect, /meta/disconnect... listeners. When I try to trigger the /meta/handshake I seeing SSL self signed certificate in certificate chain error. As a solution, I tried to install the ssl certificates on my server and tried to connect to Genesys but I still see the same self signed certificate error.
Is there a way to configure the listeners with rejectUnauthorized: false?
Related
Only some (not all) users are receiving ERR_SSL_PROTOCOL_ERROR in Chrome when attempting to visit my express site. I am not receiving this error, so it is proving a pain to debug.
I am creating a https server using a PFX file I downloaded from my provider (1&1):
var options = {
pfx: fs.readFileSync('./mysite_private_key.pfx'),
passphrase: 'MYPASSPHRASE',
};
https.createServer(options, app).listen(443);
https://whatsmychaincert.com tells me that the chain is correct but complains about the handshake:
[mysite] has the correct chain.
[mysite]: TLS handshake error:
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
internal error SSL Labs might be able to tell you what went wrong
I've googled this with no success, does anyone know what the problem could be? Ty.
In the end I ditched 1&1 and used GoDaddy's CA service and the problem went away.
A possible source of failed handshake could be the lack of an intermediate certificate, ca option of tls.createSecureContext. It should by public on your provider's website.
Hope this helps.
nowadays , when our server (e.g. 1&1) is securely configured , only tls v1.2 and tls v1.3 are supported ..
so how you debug this:
scan your site with SSL Labs Test too see which ciphers are supported , or alternately see in our nginx/apache config
tail -f the server logs , especially the catchall/other_vhosts log files,since ssl protocol errors might be in the site logs and the generic catchall log when the server cannot decide on the name
try to update the users chrome to support at least tls 1.2
chrome has the some command line switches to change its cipher behaviour:
--ssl-version-max Specifies the maximum SSL/TLS version ("tls1.2" or "tls1.3"). ↪
--ssl-version-min Specifies the minimum SSL/TLS version ("tls1", "tls1.1", "tls1.2", or "tls1.3"). ↪
DANGER ZONE:
as last resort you could try to accept legacy ciphers in your nginx-config ( ssl_ciphers directive) like socat OR (very last resort) socat23 to check which version your clients support,
remember to disable everything below tls v1.2 in production environment
Right now I wanna have a node client, for my socket.io application.
The problem I am having is that I wanna connect to the server using a https connection, but the server is using a self-signed certificate, and I wanna be able to allow all certificates with socket.io-client, otherwise the client rejects the connection.
I am writing a node client, and there are no browsers involved.
So is there any options to trust all certficates or to allow only some with socket.io-client?
Thank you very much.
I have a server with public IP and hold a website on it. I don't have a domain and my web server is IIS, then I created a self signed certificate in the server and bind it to my website. When I want to access to my website using a link like http://.../test. I can access to the website with https in localhost in the server. but I can't access to the website from a client browser with httpsand I get this error in client browser:ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Your server most likely doesn't support TLS (v1.0 or higher) but only SSLv3. That's a common cause for this error. SSLv3 is blocked in most browsers because of the POODLE vulnerability (CVE-2014-3566). You should review your server settings and upgrade them accordingly.
You can test your website at the awesome SSL Test from SSL Labs. This will point out errors like these and it helps you create a secure config. Please keep in mind that any score below A is in urgent need of improvement.
I found out to solve it. Port 443 was closed in the server.
Does Node.js support certificate pinning? More specifically, if a server passes a HPKP header on the first connection, will Node.js honor that setting?
Note that this is for library in which a client connects to my server. I don't care if the HTTPS server in Node supports certificate pinning.
I also understand that I can inspect the certificate manually and there are a few third party libraries which will check on every connection or monkey patch the request library. I'm not asking about that functionality, either.
My plan is to check the certificate the first time and reject if it doesn't match. However, that doesn't do me any good if the TLS cert is changed after that first call.
Use res.socket.getPeerCertificate().fingerprint property of HTTPS response, compare it with your preshared value.
Getting "error initializing handshake" with the SocketIO4Net library when I try to connect using my https node/socket.io connection over SSL. Is SSL/WSS supported with SocketIO4Net?
SocketIO4Net with plain http works, and standard Socket.IO in JavaScript over plain http and over https SSL works. But not SocketIO4Net with SSL, yet. Must be missing something, but challenge debugging this one.
The source seems to indicate the message "Error Initializing handshake" means it's missing the socket id when it tries to connect to the node/socket server. Any ideas?
Got SocketIO4Net to work with SSL too. Needed to import the Self-Signed Cert into the Cert Auth chain on our QA middleware box that was running SocketIO4Net and calling our node server. Works great now!