On 18/02/2022 19:53, Brian Pilati wrote:
> I am receiving this error
> Error: write EPROTO 0006601201000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:ssl/statem/extensions.c:880
> after upgrading to macOS Monterey v12.2.1
> I am running Nodejs v16.13.2
> Can someone please give me detailed instructions on how to allow unsafe
> legacy renegotiation?

This error means that you are running as a client attempting to connect
to a server that has not been patched against CVE-2009-3555. Connection
attempts to servers that do not support secure renegotiation (the
mitigation against that CVE) are now aborted by default in OpenSSL 3.0.
If the server has not been patched against a CVE issued 13 years ago
then it is unlikely to be patched against many other CVEs and you should
strongly question whether you really want to connect to such a server.
You can read more about this in the "SECURE RENEGOTIATION" section of
this page:
https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_options.html
If you *really* want to still connect to the server then you can do this
by setting the SSL_OP_LEGACY_SERVER_CONNECT option. I am not a Nodejs
person, so I don't know how/if this option is exposed in Nodejs.
Matt

> I have attempted "process.env.NODE_OPTIONS = '--tls-min-v1.0';" in my
> node script.
> Thanks,
> Brian
> ****************************
> --Brian Pilati
> http://www.linkedin.com/in/brianpilati
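
An added example, not part of the thread and not OpenSSL or Node.js project code: Node.js exposes the option Matt names as `crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT`, and the code below passes it through `secureOptions` only for an allowlisted host, so every other connection keeps the OpenSSL 3.0 default. The host name `legacy.example.internal` and all helper names are hypothetical.

```javascript
// Added example (not from the thread): enable SSL_OP_LEGACY_SERVER_CONNECT
// per host instead of for the whole process.
const https = require('https');
const { constants } = require('crypto');

// Hypothetical allowlist of servers known to lack secure renegotiation.
const LEGACY_HOSTS = new Set(['legacy.example.internal']);

const normalize = (hostname) => String(hostname).toLowerCase().replace(/\.$/, '');

// TLS options for one hostname: only allowlisted hosts get the legacy flag.
function tlsOptionsFor(hostname, legacyHosts = LEGACY_HOSTS) {
  if (!legacyHosts.has(normalize(hostname))) return {};
  return { secureOptions: constants.SSL_OP_LEGACY_SERVER_CONNECT };
}

// Recognise the failure quoted in the thread from the OpenSSL error text.
function isLegacyRenegotiationError(err) {
  const msg = String((err && err.message) || '');
  return /0A000152|unsafe legacy renegotiation disabled/i.test(msg);
}

// One agent per host, so the weakened setting never leaks to other hosts.
const agents = new Map();
function agentFor(hostname) {
  const host = normalize(hostname);
  if (!agents.has(host)) {
    agents.set(host, new https.Agent({ keepAlive: true, ...tlsOptionsFor(host) }));
  }
  return agents.get(host);
}

// GET wrapper: picks the per-host agent and annotates the legacy failure.
function get(url, callback) {
  const { hostname } = new URL(url);
  const req = https.get(url, { agent: agentFor(hostname) }, (res) => callback(null, res));
  req.on('error', (err) => {
    if (isLegacyRenegotiationError(err)) {
      err.hint = `${hostname} does not support secure renegotiation; ` +
        'patch the server or allowlist it deliberately';
    }
    callback(err);
  });
  return req;
}
```

Keeping the allowlist in reviewed configuration makes each exception visible and easy to remove once the server is patched.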