--tls-v1.0 flag doesn't work on Node v12

[minas90]

Hi,
I'm trying to migrate to v12, but sadly there are some breaking changes for our use case.
We aggregate content from thousands of websites and some of them still do not support tls v1.2

I tried passing the --tls-v1.0 flag like mentioned here tls: disable TLS v1.0 and v1.1 by default, like this node --tls-v1.0 run.js, but it didn't help.
I'm getting the following error message:
request to https://rss.adnkronos.com/RSS_PrimaPagina.xml failed, reason: write EPROTO 4562253248:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1922:

Any suggestions?

[lpinca]

Try with --tls-min-v1.0, it should work.

[minas90]

@lpinca Thanks, it worked!

It was not clear from the changelog, as disable TLS v1.0 and v1.1 by default point to a commit with a different flag. And the actual relevant flag is here I think TLS1.3 support

[lpinca]

Yes you are right. https://nodejs.org/api/cli.html and node --help are more reliable resources.
I'm going to close this, please let me know if this should stay open.

[icodeforlove]

So happy you guys allowed us to use this flag.

Please don't forget those who do not have control over the sites we need to connect to.

🙏 🙏 🙏 🙏 🙏

[hyochan]

Try with --tls-min-v1.0, it should work.

@lpinca Could you also guide us on how to use --tls-min-v1.0 when using ts-node?

[woolson]

@hyochan You can handle it like

NODE_ENV=development node --tls-min-v1.0 -r ts-node/register src/main.ts

[eladnava]

For anyone facing issues enabling TLS 1.0 and 1.1 on newer Node versions (such as Node v20), it appears there is now a new requirement to lower the OpenSSL security level to 0 by passing the ciphers property apart from passing the --tls-v1.0 flag:

var tlsServer = tls.createServer(
    key: fs.readFileSync('ssl/server.key'),
    cert: fs.readFileSync('ssl/server.crt'),
        
    // Enable TLS 1.0 and 1.1
    ciphers: 'DEFAULT@SECLEVEL=0',
    minVersion: 'TLSv1'
});