I am running into problems with a specific node.js proxy which is being rejected by the backend server, presumably because of issues with the negotiated SSL/TLS connection. While the connection is allowed by the server, a downstream configuration simply returns an AccessDenied.
I would like to have better control of the SSL/TLS options of a node.js proxy within Edge when making outgoing requests.
As I understand it, the Edge node.js instances are using the underlying JSSE v1.7.
I would like to do two things.
Inspect which ciphers are available on the platform
On most node servers, I would run tls.getCiphers(). In Edge this creates the following exception:
```
TypeError: Cannot find function getSSLCiphers in object [object _cryptoClass].
    at tls.js:46
    at /organization/environment/api/main.js:46
    at /organization/environment/api/node_modules/request/request.js:187
    at emit (events.js:98)
    at /organization/environment/api/node_modules/request/request.js:1044
    at emit (events.js:95)
    at /organization/environment/api/node_modules/request/request.js:965
    at emit (events.js:117)
    at _stream_readable.js:943
    at _tickDomainCallback (trireme.js:491)
    at _tickFromSpinner (trireme.js:422)
```
Control which ciphers are available in negotiating TLS/SSL on an outgoing connection
The following code is something I would expect to work. This does have the effect of switching out the ciphers, as it will create the following fault: `javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)`
JSSE specifications for ciphers generally differ from their openssl counterparts.
It's unclear which format to specify here, especially without an ability to query the available ciphers through node.
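```javascript
var request = require('request');

// `url` and `res` come from the enclosing proxy request handler.
var options = {
  url: url,
  agentOptions: {
    secureProtocol: 'TLSv1.2',
    ciphers: 'ECDHE-RSA-AES128-CBC-SHA128'
  }
};

request.get(options, function(err, data) {
  res.send(data);
});
```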
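The difference between OpenSSL-style and JSSE cipher names mentioned in the question, as an added example that is not part of the original post and is not Apigee or Trireme code: a translator and validator for a colon-separated OpenSSL cipher string. The function names are hypothetical, the scope is limited to AES CBC/GCM suites, and which naming form Edge expects in `ciphers` is not established here.

```javascript
// Added example: map OpenSSL-style cipher names to the IANA-style names JSSE uses.
// Scope (assumption): AES CBC/GCM suites with RSA, DHE-RSA, ECDHE-RSA or ECDHE-ECDSA.

const KEY_EXCHANGE = {
  'ECDHE-RSA': 'ECDHE_RSA',
  'ECDHE-ECDSA': 'ECDHE_ECDSA',
  'DHE-RSA': 'DHE_RSA',
  '': 'RSA' // OpenSSL drops the prefix for plain RSA key exchange
};

// [kx-]AES(128|256)[-GCM]-(SHA|SHA256|SHA384); OpenSSL leaves "CBC" implicit.
const PATTERN =
  /^(?:(ECDHE-RSA|ECDHE-ECDSA|DHE-RSA)-)?AES(128|256)(-GCM)?-(SHA|SHA256|SHA384)$/;

// Returns the JSSE name, or null when the input is not a defined suite in scope.
function opensslToJsse(name) {
  const m = PATTERN.exec(name);
  if (!m) return null;
  const [, kx = '', bits, gcm, mac] = m;
  const ecdhe = kx.startsWith('ECDHE');
  if (gcm) {
    // GCM suites pair AES-128 with SHA256 and AES-256 with SHA384 only.
    if (mac !== (bits === '128' ? 'SHA256' : 'SHA384')) return null;
  } else if (mac === 'SHA384' && !(ecdhe && bits === '256')) {
    return null; // CBC-SHA384 is defined only for ECDHE with AES-256
  } else if (mac === 'SHA256' && bits === '256' && ecdhe) {
    return null; // ECDHE with AES-256-CBC uses SHA384, not SHA256
  }
  return `TLS_${KEY_EXCHANGE[kx]}_WITH_AES_${bits}_${gcm ? 'GCM' : 'CBC'}_${mac}`;
}

// Splits a colon-separated OpenSSL cipher string and sorts entries into
// translated names and entries that did not parse.
function translateCipherList(list) {
  const result = { jsse: [], unrecognised: [] };
  for (const entry of list.split(':').map(s => s.trim()).filter(Boolean)) {
    const jsse = opensslToJsse(entry);
    if (jsse) result.jsse.push(jsse);
    else result.unrecognised.push(entry);
  }
  return result;
}

// Constructed input: two well-formed names plus the string from the question.
console.log(translateCipherList(
  'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-CBC-SHA128'));
```

A name that translates cleanly is only well-formed; the runtime still has to support and enable that suite for the handshake to succeed.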