I'm using the node-request module, regularly sending GET requests to a set of URLs and, sometimes, getting the error below on some sites.
Error: 29472:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:openssl\ssl\s23_clnt.c:683
The problem is that I don't get this error always or always on the some URLs, just sometimes. Also, it can't be ignored with "strictSSL: false".
I have read that this can be related to me sending SSL requests with the wrong protocol (SSLv2, SSLv3, TLS..). But this doesn't explain why it happens irregularly.
Btw, I'm running nodejs on a Win 2008 server.
Any help is appreciated.
You will get such error message when you request HTTPS resource via wrong port, such as 80. So please make sure you specified right port, 443, in the Request options.
This was totally my bad.
I was using standard node http.request on a part of the code which should be sending requests to only http adresses. Seems like the db had a single https address which was queried with a random interval.
Simply, I was trying to send a http request to https.
I got this error because I was using require('https') where I should have been using require('http').
Some of the sites are speaking SSLv2, or at least sending an SSLv2 server-hello, and your client doesn't speak, or isn't configured to speak, SSLv2. You need to make a policy decision here. SSLv2 should have vanished from the face of the earth years ago, and sites that still use it are insecure. However, if you gotta talk to them, you just have to enable it at your end, if you can. I would complain to the site owners though if you can.
I had this problem (403 error for each package) and I found nothing great in the internet to solve it.
My .npmrc file inside my user folder was wrong and misunderstood.
I changed this npmrc line from
proxy=http://XX.XX.XXX.XXX:XXX/
to :
proxy = XX.XX.XXX.XXX:XXXX
var https = require('https');
https.globalAgent.options.secureProtocol = 'SSLv3_method';
I got this error while connecting to Amazon RDS. I checked the server status 50% of CPU usage while it was a development server and no one is using it.
It was working before, and nothing in the connection configuration has changed.
Rebooting the server fixed the issue for me.
So in Short,
vi ~/.proxy_info
export http_proxy=<username>:<password>#<proxy>:8080
export https_proxy=<username>:<password>#<proxy>:8080
source ~/.proxy_info
Hope this helps someone in hurry :)
in my case (the website SSL uses ev curves) the issue with the SSL was solved by adding this option ecdhCurve: 'P-521:P-384:P-256'
request({ url,
agentOptions: { ecdhCurve: 'P-521:P-384:P-256', }
}, (err,res,body) => {
...
JFYI, maybe this will help someone
I got this error, while using it on my rocketchat to communicate with my gitlab via enterprise proxy,
Because, was using the https://:8080 but actually, it worked for http://:8080
Related
I want to implement proxy server in node.js which is somewhat similar to Charles proxy - it should intercept HTTPS requests from my mobile app, decipher them, route some of them depending on body content to original backend and mock others with some static files.
How this HTTPS stuff is handled in Charles or other proxies?
Will I need self-signed root certificateon mobile device?
Are there any libraries which will help me?
How this HTTPS stuff is handled in Charles or other proxies?
Technically, Charles Proxy or Proxyman.io (the one I'm using now) would do the following steps:
Generate a root certificate and install to keychain and trust it. This steps would do once.
Open the Local Server (at 8888 or 9090).
Override the HTTP Proxy in System to this port. Thus, all traffic will go through the port. You could use the networksetup CLI to easily achieve or Privileged Helper tool on macOS for high performance and secure.
As soon as capture the first socket: If It's a HTTP request, get a first line message. Ex:
GET https://api.producthunt.com/v1/posts HTTP/1.1
Then open the forward socket to this URL.
If it's a HTTPS, make sure do SSL-Handshake and then get the first line message.
Finally, just get the rest of message and parse to proper message(HTTPCParser from NodeJS would be potential candidate)
Send data forward and back from the client and the destination server.
Do manipulation actions if you need since you're the true mitm.
Will I need self-signed root certification mobile device?
Yes, you must install the Root Certificate in the first steps to your iOS device. For the Header/Response detail. Check chls.pro/ssl or proxy.man/ssl from those Charles or Proxyman, and see the content.
You can do it on iOS Simulator by using ADVTrustStore
Are there any libraries which will help me?
You can check the those famous open source to see how it works
- mitmproxy
- zapproxy
- http toolkit
Hope this can help you.
Using Charles Proxy to see your mobile's requests is super easy.
Here is a simple video going over how to set it up. https://www.youtube.com/watch?v=AW2vTBRfOrU
I'm at a loss with a problem that been bugging me for a few days. My express server is returning me 501s for all patch calls. (I believe they used to work).
Does anyone have any suggestions or a way that I could debug express to find where my problem is coming from?
Here's some info:
My route call
app.patch('/creator/sentences/:masterId/', require('./views/creator/sentences/index').updateMaster);
What I get on the client:
Request URL:http://my-url.c9users.io/creator/sentences/197/
Request Method:PATCH
Status Code:501 Not implemented
Any help would be appreciated or anyone someone thinks I could find a way to debug this.
I ended finding out that for some reason my ISP was blocking patch calls. Any other network and things were fine... Went on VPN and things were fine... So weird and now I understand why some web sites weren't working properly for me.
Patch calls must just be quite rare if the isp has this problem they don't fix.
EDIT AND SOLUTION: I ended up using https instead of http and then my isp couldn't block the patch requests :)
I have created an chat app using Socket.IO . It works fine on my home internet. But whenever I am at my university and connected to versity wifi internet, I can't get connected at all. Its facing 'net::ERR_CONNECTION_TIMED_OUT' error.
Here is the url: demo.codesamplez.com/ultrachat/demo.html (You will may get it OK, as I do on home)
I guess, this might be some kind of firewall issue or something?
Does anybody has any clue how to go forward for solving this? Thanks in advance.
Switching from HTTP to HTTPS should get around the problem with incompatible proxy server. That forces the proxy to use HTTP tunneling to maintain the connection instead performing whatever magic it does.
Note: this has nothing to do with NPM (which is what comes up the most when googling this error):
I have a Node server which is trying to make https calls to a IIS/.Net server. My understanding is that when my Node server is playing the part of the "client" I don't need to attach any certificates to the options (var Request = Https.request(Options, function(Response) { ... }); ), however, recently when the IIS/.Net server updated its certificates, Node started throwing CERT_UNTRUSTED errors.
The obvious culprit is the IIS.Net server and/or its certificates, however, that server can be successfully reached by non-Node servers (or fiddler, for example).
The other oddity is that all this code was working fine till the certificates on the IIs.Net server expired and were reset.
Thanks in advance!
I got this to work using the answer found at a similar post:
Unable to verify leaf signature
Still not sure why renewing the certificates caused this to happen, but either way, the ssl-root-cas/latest module did the trick.
I am making an application which has j2me in client side and dotnet on server side.
I need to make an https connection to post to and fetch data from the server.
Can anyone help?
I tried searching on the net but i cannot find much on internet about establishing https connection.
Can anyone explain or reccommend a website??
If you had problems finding J2ME HTTPS examples, this is a nice article.
The above link doesn't work any more. Alternative articles:
IBM Developerworks
Possible causes of https not working is because the server does not have a valid certificate. Try catching exceptions in the part where you make the connection.