{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Adapter for Envoy
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • 日本語コミュニティ
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • General /
avatar image
1
Question by Tom Schaible · Jul 26, 2016 at 05:59 PM · 670 Views node.jstlsnode

How do you control ciphers in a node.js proxy on Apigee Edge Cloud?

I am running into problems with a specific node.js proxy which is being rejected by the backend server, presumably because of issues with the negotiated SSL/TLS connection. While the connection is allowed by the server, a downstream configuration simply returns an AccessDenied.

I would like to have better control of the SSL/TLS options of a node.js proxy within Edge when making outgoing requests.

As I understand it, the Edge node.js instances are using the underlying JSSE v1.7

I would like to do two things.

  1. Inspect which ciphers are available on the platform.
  2. Control which ciphers are available in negotiating TLS/SSL on an outgoing connection.

Inspect which ciphers are available on the platform

On most node servers, I would run tls.getCiphers(). In Edge this creates the following exception:

TypeError: Cannot find function getSSLCiphers in object [object _cryptoClass].

    at tls.js:46
    at /organization/environment/api/main.js:46
    at /organization/environment/api/node_modules/request/request.js:187
    at emit (events.js:98)
    at /organization/environment/api/node_modules/request/request.js:1044
    at emit (events.js:95)
    at /organization/environment/api/node_modules/request/request.js:965
    at emit (events.js:117)
    at _stream_readable.js:943
    at _tickDomainCallback (trireme.js:491)
    at _tickFromSpinner (trireme.js:422)\n

Control which ciphers are available in negotiating TLS/SSL on an outgoing connection

The following code is something I would expect to work. This does have the effect of switching out the ciphers, as it will create the following fault: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)"

JSSE specifications for ciphers generally differ from their openssl counterparts.

  • JSSE = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  • openssl = ECDHE-RSA-AES128-SHA256

It's unclear which format to specify here, especially without an ability to query the available ciphers through node.

            var options = {
                url: url,
                agentOptions: {
                    secureProtocol: 'TLSv1.2'
                    ,ciphers: 'ECDHE-RSA-AES128-CBC-SHA128'
                }
            };
            request.get(options,function(err, data) {
                res.send(data);
            });
Comment
Add comment
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Close

0 Answers

  • Sort: 

Follow this Question

Answers Answers and Comments

40 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

Need Help : Node.js function doesn't work in APIGEE, works fine in local 1 Answer

NodeJS GZip compression 5 Answers

Node.JS Servicecallout Policy documentation 3 Answers

Executing nodejs proxy error-Script exited with status code 0 1 Answer

Reference a JS file from within NodeJS Target Endpoint 3 Answers

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2021 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Adapter for Envoy
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • 日本語コミュニティ
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Badges