SSL Error in nodejs

Question

I'm trying to get a webpage via node https.request(). Doing so results in an error getting logged by my code. Using the node request module has the same result:

problem with request: 140398870042432:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:658:

The following indicates the wrong SSL version is being used, but I cannot find a way to change the version: curl error: "sslv3 alert unexpected message". Using curl from my terminal returns a response as does hitting the URL in my browser (it is a login page). My code is below.

var request = require('request')
request.get("https://icmserver.wit.ie/balance", function(err, res, body) {
    if (err) {
        return console.log(err)
    }
    return body;
});

Does anyone have any idea what might be happening here?

Could you show us the exact code you're using? It'd help if we could reproduce the issue. — Asherah, Jun 19 '12 at 03:15
Thanks Len, This is my code: var request = require('request') request.get("https://icmserver.wit.ie/balance", function(err, res, body){ if(err){ return console.log(err) } return body; }); It keeps logging the SSL error. — Evan Shortiss, Jun 19 '12 at 07:01
I note that when I access the site in Chrome, I get: "*The connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues.*" Possibly Node's built-in SSL doesn't support SSL 3. — Asherah, Jun 19 '12 at 07:06
I thought as much. Have spent a long time looking for a way to change nodes SSL version but have had no luck. Thanks for your help :) — Evan Shortiss, Jun 19 '12 at 07:50

score 15 · Accepted Answer · answered Jul 10 '12 at 07:22

15

Try to use options = { secureProtocol: 'SSLv3_method' } in the request you are making.

answered Jul 10 '12 at 07:22

SuperShalabi

471
5
7

Thanks SuperShalabi that worked, the request is returning data now! – Evan Shortiss Jul 16 '12 at 19:11
Clarification: The secureProtocol option goes in a new https.Agent. – Ryan Olds Sep 05 '12 at 17:58
4

just for clarification, SSLv3 is broken, you must not use it. – Sebastián Espinosa Feb 03 '15 at 07:56

score 12 · Answer 2 · answered Oct 02 '12 at 01:22

12

We hit the same problem. By default, request uses the https.globalAgent. So we added the code near the top of our script.

var https = require('https');
https.globalAgent.options.secureProtocol = 'SSLv3_method';

All of a sudden everything worked.

answered Oct 02 '12 at 01:22

Will Glass

4,800
6
34
44

I wouldn't have expected this to work as I would've thought requiring https in different places would therefore not have the same globalAgent, but alas it has worked. Thanks! – GotDibbs Jun 05 '13 at 21:41
I got the error SSL23_GET_SERVER_HELLO:unknown protocol and googled my finger bloody until i finally found this solution. Hopefully reindexes this so others get the information more quickly. – Stephan Hoyer Jul 09 '13 at 17:34
I don't know why this answer has more votes. It can be dangerous to set the protocol globally. If the accepted answer does not work for you, rather than setting the protocol globally, please read carefully the doc to see how to set it up: http://nodejs.org/api/https.html#https_https_request_options_callback – Sylvain B Nov 04 '14 at 12:02
1

I would argue it is more dangerous to allow nodeJS to communicate using SSLv2. – awimley May 16 '16 at 21:25

score 0 · Answer 3 · edited Feb 27 '19 at 19:05

0

In case website uses ECDH curve, for me the issue resolved only by adding this option:

request({ url, agentOptions: {
            ecdhCurve: 'P-521:P-384:P-256',
},(err,res,body) => {

JFYI, May be this will help someone.

edited Feb 27 '19 at 19:05

Klaus Gütter

11,151
6
31
36

answered Feb 27 '19 at 18:05

Denisix

106
1

This does not look like answer, it's more of suggestion, you can comments for such solutions. – Atul Dwivedi Feb 27 '19 at 18:40

SSL Error in nodejs

3 Answers3

Linked