-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Node 10.1.0 TLS issue with ldap: Client network socket disconnected before secure TLS connection was established #21088
Comments
Do you have a minimal code example (preferrably free of third party modules) that reproduces the error? |
Unfortunately no, because the specs for reproducing are super computers :
Each host has 32GB RAM, 8CPU. The local bandwidth is 10GPB/S. If you have that, you can use https://github.com/vesse/node-ldapauth-fork to authenticate using node to a secure OpenLap. Do that in parrallele and you'll get your error. |
I'm sorry, but this bug report is not actionable if there is no way to reproduce or establish it's a bug in Node.js core (since it could be a bug in one of the modules you're using.) I'll close this out, let me know if you have a test case that doesn't depend on third-party components. |
Hey, npm install axios
or with the https:
|
I also experience this issue with couple of URLs with Node v10.4.1 on macOS High Sierra Here is sample code to test. const https = require('https');
https.get('https://supplychain.2go.com.ph', (resp) => {
let data = '';
resp.on('data', (chunk) => {
data += chunk;
});
resp.on('end', () => {
console.log(data);
});
}).on("error", (err) => {
console.log("Error: " + err.message);
}); |
@tosbaha That's unrelated. You can verify with curl or |
@bnoordhuis This web site works on Firefox,Safari,curl without any warning. It is using TLS 1.0 Is there a anyway for me to connect TLS 1.0 sites or it just won't work. |
Any way to solve this? |
@jor3l
NodeJS thinks that it is not their responsibility to support outdated sites. There is no workaround. |
I can't believe there isn't a way to turn off this level of strictness... Please let me know if I'm missing something obvious I am trying to do a simple Http GET request to a site which is using TLS 1.0 Node: v10.9.0 I get the response:
I appreciate that this is out-dated technology, but I have no power over the site I'm trying to connect to. To people who stumble across this message, I'd suggest you check the security settings of the site you're attempting to connect to: At time of writing @tosbaha example code (above), yields the same error: |
secure protocol to use is configurable by command line switch (only in recent master), and by |
Hi @sam-github Thanks for the reply - Forgive my ignorance, I'm not very familiar with the platform. I have updated my copy of Node to run v11.2.0 and using the links you provided, I came up with this - But it's still throwing the error:
Please can you let me know where I'm going wrong? Thanks again |
That server only allows insecure TLS 1.0 protocols that have been removed in OpenSSL in node 10.x and higher. You need to set the cipher list, and you need to use a version of openssl prior to 1.1.0, which means node 8.x. Browsers are very, very lenient wrt. insecure ciphers, apparently. Chrome and Lynx connect to that website, but wget and curl do not. Try this: |
Thanks again for getting back to me. I believe the current project has dependencies which require Node v 10+ I may have to shell this bit of responsibility off to it's own environment to pursue. Thanks again for taking the time to respond. |
@sam-github I am using node 10 and I also keep running into this error when request to www.googleapis.com, e.g. https://www.googleapis.com/blogger/v3/blogs/2399953?key=... But I found it won't happen to https://samples.openweathermap.org, e.g. https://samples.openweathermap.org/data/2.5/weather?q=London,uk&appid=b6907d289e10d714a6e88b30761fae22 But they both use TLS 1.2 not TLS 1.0 as @birksy89 said. Why openweathermap won't complain ? |
I believe this may be related to the // throws
tls.connect({host: 'httpbin.org', port: 443});
// doesn't throw
tls.connect({host: 'httpbin.org', port: 443, servername: 'httpbin.org'}); Maybe it throws due to incorrect |
Hi, TLS1.0 is depricated protocol. |
can anybody tell me what is the latest node version supportin tls 1.0??? I have to access a server I cannot control, so I really need some way to connect to it. Thanks a lot |
@opensas They all do, it's just disabled by default. Start node like this: |
@bnoordhuis It appears that only v11 of node supports the |
Sorry, I should have said: They all do, it's just disabled by default in some versions. I asked about back-porting the switches in #27432. |
hi @bnoordhuis / @sam-github , when will this fix be released and as part of which node version? |
There are no bugs here to fix. TLS1.0 is supported even in master, check the unit tests: https://github.com/nodejs/node/blob/master/test/parallel/test-tls-min-max-version.js#L99 It is also supported in older versions. how to enable it depends on the version, more recent node has CLI options to change the defaults, older node has to use explicit TLS config, see the tests. EDIT: or docs for the relevant version |
I just use axios instead of Http to send the request. That resolved my problem. |
use axios instead of http to send the request can reolve this problem |
Its not particularly secure, but if absolutely required, |
We are experiencing issue while login to ldap in paralele.
The service we use is verdaccio v3.0.2 with an Alpine linux docker container.
We use verdaccio-ldap module for the ldap authentication part.
We are experiencing issue due to multiple transactions to the LDAP through TLS.
This happens after upgrade to node 10.1.0.
The text was updated successfully, but these errors were encountered: