node 17.1 verify failure using https with pfx certificate

[introspection3]

Version

17.1

Platform

ubuntun 20 x64

Subsystem

No response

What steps will reproduce the bug?

if (sslConfig.type == 'pfx') {
    serverOptions = {
        pfx: fs.readFileSync(path.join(configDir, 'ssl', sslConfig.pfxName)),
        passphrase: sslConfig.pfxPassword
    };
}

let server = https.createServer(serverOptions, async function(req, res) {
           
});

How often does it reproduce? Is there a required condition?

every time

What is the expected behavior?

No response

What do you see instead?

pem works fine

Additional information

No response

[tniessen]

Thank you for the report. Could you post information about the PFX file you are attempting to load, @564064202? For example, using OpenSSL, you can list the contents of the PKCS#12 structure without revealing secret keys.

openssl pkcs12 -info -in mycert.pfx -noout

This should print a list of objects and algorithms, e.g.,

MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

[tniessen]

@564064202 The error is most likely due to the use of pbeWithSHA1And40BitRC2-CBC in the PKCS#12 file, in particular, because of RC2.

RC2 is disabled by default in Node.js 17 and can only be enabled through the legacy provider, see --openssl-legacy-provider.

However, before enabling the legacy provider, you should consider using a different cipher to protect your PKCS#12 files. RC2 is disabled because it is technically broken and because it has virtually no advantage over modern ciphers.

[tniessen]

where I can see every node version's changes?

All releases are listed as GitHub releases in this repository, in the changelogs directory, and in the Node.js blog.

Additional information is sometimes available through the nodejs Twitter account and/or through Node.js medium.

In this case, the problem might have been difficult to track down since we did not actively disable RC2. Instead, as part of the transition to Node.js 17, we updated OpenSSL from 1.1 to 3.0, and OpenSSL 3 disabled many legacy algorithms, including RC2.

[tniessen]

Closing this issue as answered. Please let us know if the problem persists after switching to a supported cipher (or enabling the --openssl-legacy-provider option if switching to a different cipher is not possible).

[chucker]

For the curious: with OpenSSL 3, you can use a command like

openssl pkcs12 -in oldPfxFile.pfx -nodes -legacy | openssl pkcs12 -export -out newPfxFile.pfx

to modernize the cipher on your .pfx.

[val1984]

My .pfx had a passphrase, I was unable to do it in a single piped command but this worked:

openssl pkcs12 -in oldPfxFile.pfx -nodes -legacy -out decryptedPfxFile.tmp
openssl pkcs12 -in decryptedPfxFile.tmp -export -out newPfxFile.pfx

[rachitpant]

When you say node migrated from openssl 1.1 to openssl3.0 , Does node include its own copy of openssl , or is it just a wrapper around system openssl.
I am a spot here because the local system openssl version is LibreSsl 2.8.3 , so i can't seem to run the above commands to upgrade the cipher in .pfx. But at the same time , node is not accepting the deprecated cipher.

[val1984]

When you say node migrated from openssl 1.1 to openssl3.0 , Does node include its own copy of openssl , or is it just a wrapper around system openssl. I am a spot here because the local system openssl version is LibreSsl 2.8.3 , so i can't seem to run the above commands to upgrade the cipher in .pfx. But at the same time , node is not accepting the deprecated cipher.

Considering the wording in this nodejs.org announcement, it seems that yes, node has its own copy of openssl.

[rachitpant]

When you say node migrated from openssl 1.1 to openssl3.0 , Does node include its own copy of openssl , or is it just a wrapper around system openssl. I am a spot here because the local system openssl version is LibreSsl 2.8.3 , so i can't seem to run the above commands to upgrade the cipher in .pfx. But at the same time , node is not accepting the deprecated cipher.

Considering the wording in this nodejs.org announcement, it seems that yes, node has its own copy of openssl.

There is something going on with this version of node and openssl. The application worked perfectly fine on olders node envs , and here i just now tried even disabling https and proxing is not working ( even without https ).

Wondering if ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355: error has something to do with the fact that the system openssl version is different. This could also be an error with http-proxy that vite uses internally, but the also all of this ( including https proxying) was working earlier.

[trevor-webster]

@tniessen , I am getting a mac verify error with Node 18 LTS, even with the following info:

openssl pkcs12 -in ./myCertificate.p12 -info

MAC: sha1, Iteration 2000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes
    localKeyID: 01 00 00 00
    friendlyName: {32111A74-D0B8-49FB-882F-2D320400B61B}
    Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0

The same cert is working with curl

curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.13
Release-Date: 2022-01-05

[val1984]

openssl pkcs12 -in ./myCertificate.p12 -info

MAC: sha1, Iteration 2000

sha1 is insecure and deprecated.

I guess it works with curl because it might be using openssl with an option to keep accepting older cyphers.

Have you tried chucker command or my commands?

[Iv3li0s]

Change the encrypted algo with PBE-SHA1-3DES solved my problem

Here my full command line to generate my pfx file ( -inkey and -certfile options aren't mandatory )
openssl pkcs12 -certpbe PBE-SHA1-3DES -inkey KEY_FILE.key -in CERT_FILE.crt -certfile PARENT_CERT.crt -export -out PFX_FILE.pfx

[bitconym]

Change the encrypted algo with PBE-SHA1-3DES solved my problem

Here my full command line to generate my pfx file ( -inkey and -certfile options aren't mandatory ) openssl pkcs12 -certpbe PBE-SHA1-3DES -inkey KEY_FILE.key -in CERT_FILE.crt -certfile PARENT_CERT.crt -export -out PFX_FILE.pfx

Thanks for the example, for me PBE-SHA1-3DES still didn't work, so I used AES-256-CBC.
I use MacOS with LibreSSL 3.3.6

[Quang810]

openssl pkcs12 -in ./myCertificate.p12 -info

MAC: sha1, Iteration 2000

sha1 is insecure and deprecated.

I guess it works with curl because it might be using openssl with an option to keep accepting older cyphers.

Have you tried chucker command or my commands?

I have tried both of these commands but on my machine, openssl reports there's no legacy option:
openssl pkcs12 -in my_pfx_file.pfx -legacy -nodes -out decryptedPfxFile.tmp unknown option '-legacy' usage: pkcs12 [-aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -des | -des3 | -idea] [-cacerts] [-CAfile file] [-caname name] [-CApath directory] [-certfile file] [-certpbe alg] [-chain] [-clcerts] [-CSP name] [-descert] [-export] [-in file] [-info] [-inkey file] [-keyex] [-keypbe alg] [-keysig] [-LMK] [-macalg alg] [-maciter] [-name name] [-nocerts] [-nodes] [-noiter] [-nokeys] [-nomac] [-nomaciter] [-nomacver] [-noout] [-out file] [-passin arg] [-passout arg] [-password arg] [-twopass]

I removed the -legacy command but it does not resolve the problem at all. Anyone know how to enable [--openssl-legacy-provider](https://nodejs.org/docs/latest-v17.x/api/cli.html#--openssl-legacy-provider) on Typescript? Thank you.

[NEOSHarley]

@Quang810 I had the same problem. Solved it by running the commands on ubuntu instead.

openssl pkcs12 -in oldPfxFile.pfx -nodes -legacy -out decryptedPfxFile.tmp
openssl pkcs12 -in decryptedPfxFile.tmp -export -out newPfxFile.pfx

[Dror-Bar]

On mac, '-legacy' is an invalid command. So simply remove it from the first command:

openssl pkcs12 -in oldPfxFile.pfx -nodes -out decryptedPfxFile.tmp

However the second command does nothing to change to encryption (it remains RC2). I used the following command:

openssl pkcs12 -certpbe pbeWithSHA1And3-KeyTripleDES-CBC -in decryptedPfxFile.tmp -export -out newPfxFile.pfx

This seems to have changed the PKCS7 Encrypted Data

---

Edit: Depending on your situation, you might want to use a different cipher, like aes-256-ecb (then the command would look like this:)

openssl pkcs12 -certpbe aes-256-ecb -in decryptedPfxFile.tmp -export -out newPfxFile.pfx

I needed this cipher so node 18 would stop complaining and also the service I was making requests to could still correctly receive the pfx files

[mrlilililililili]

Is this error reported because the certificate is not available
error outputting keys and certificates 94120000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetc h.c:373:Global default library context,Algorithm (RC2-40-CBC:0),Properties()

[marikaner]

I'd like to point out that the error message could be improved. Error: unsupported could mean anything.

[nalexn]

If you need to retain the type of the cert container as p12, you can re-encrypt this way (tested on mac):

openssl pkcs12 -nodes -legacy -nokeys -out push_cert.pem -in PATH_TO_LEGACY_P12
openssl pkcs12 -nodes -legacy -nocerts -out push_key.pem -in PATH_TO_LEGACY_P12
openssl pkcs12 -export -in push_cert.pem -inkey push_key.pem -out re_encrypted.p12

[jpierson-at-riis]

How are these comments possibly classified as abuse? It must have been a mistake as the comments provide a more full context and have no indication of abusive language or behavior.

[flybeye]

For the curious: with OpenSSL 3, you can use a command like

openssl pkcs12 -in oldPfxFile.pfx -nodes -legacy | openssl pkcs12 -export -out newPfxFile.pfx

to modernize the cipher on your .pfx.

In regards to the PFX file utilizing older RC2 non-compliant SSL standard along with your certificate be installed locally on a Windows device.. you can use Manager User Certificates MMC to export the certificate with AES256.. cipher to allow for Node v20.. to get passed the unCaughtException error

convert-a-cert-pem-certificate-to-a-pfx-certificate