
This issue was moved to a discussion.


Unable to make tls1.0 connection via curl to app server running on node.js 18 #49632

Closed
kumarrishav opened this issue Sep 12, 2023 · 0 comments
kumarrishav commented Sep 12, 2023

Version

18

Platform

Darwin xxxx 22.6.0 Darwin Kernel Version 22.6.0: Wed Jul 5 22:22:05 PDT 2023; root:xnu-8796.141.3~6/RELEASE_ARM64_T6000 x86_64

Subsystem

No response

What steps will reproduce the bug?

Success scenario

Client/Curl

curl -kv --tlsv1 --tls-max 1.0 https://localhost:8443/v1/userdatastore/hello/max
*   Trying 127.0.0.1:8443...
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server key exchange (12):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1 / ECDHE-RSA-AES128-SHA
* ALPN: server accepted http/1.1
* Server certificate:
<redacted>
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* using HTTP/1.1
> GET /v1/userdatastore/hello/max HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 200 OK

Server running on node.js 16 in local


Failed scenario

Client/Curl

curl -kv --tlsv1 --tls-max 1.0 https://localhost:8443/v1/userdatastore/hello/max
*   Trying 127.0.0.1:8443...
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* LibreSSL/3.3.6: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure
* Closing connection 0
curl: (35) LibreSSL/3.3.6: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure

Server running on node.js 18 in local - with SECLEVEL=0 in ciphers

Some of the server configuration

            "ciphers": "AES128-GCM-SHA256:AES128+SHA1:@SECLEVEL=0",
            "honorCipherOrder": "true",
            "minVersion": "TLSv1",
            "secureOptions":  16384,
            "rejectUnauthorized": true,
            "requestCert": true,

Note: It works fine when I used SSL resumption using pre-generated session keys.

How often does it reproduce? Is there a required condition?

No response

What is the expected behavior? Why is that the expected behavior?

Curl requests should be successful without making any changes on client side.

What do you see instead?

Curl request fails

Additional information

No response

@nodejs nodejs locked and limited conversation to collaborators Sep 13, 2023
@bnoordhuis bnoordhuis converted this issue into discussion #49634 Sep 13, 2023
