-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
no shared cipher error if cert is loaded later #49549
Comments
Can you try with the latest v18 or v20 release? v16 is going EOL in three days, any bugs that aren't critical security vulnerabilities aren't going to get fixed. |
Yes, First I tried with v18 and did similar to this #36655 (comment) because I have to use SECLEVEL=0 #46515 in node 18 (as our certs are sha1 signed and it will few months to upgrade it). with node 18, it threw similar error mentioned here #36655 (comment) adding SECLEVEL=0 using the above mechanism (i.e load cert later after setting cipher) works fine when node.js is acting as a client. but when it's acting as a server (like the above explained), it throws the error (even after following above mechanism). CC: @bnoordhuis |
Can you post a complete example that throws (with v18 or v20) the exception you reported? I need precise steps to reproduce if you want me to help you. |
Yeah. I am trying to build a test case (and might need help) that could be publicly shared. I created this cert (sha1 signed and 1024 bit - trying to match my error scenario) , I am surprised that while using following cert (Created via openssl), it doesn't throw the error
|
Since there's been no follow-up I'll go ahead and assume this is working for you now. |
Sorry, got busy with another task and hence, couldn't follow up. So, here are the steps to reproduce.
key.pem
cert.pem
Why load the cert later? : due to this #36655 (comment) Do we know why is this not working?
|
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: nodejs#36655 nodejs#49549 Refs: https://github.com/orgs/nodejs/discussions/49634 https://github.com/orgs/nodejs/discussions/46545
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n>changes the security level and that affects subsequent operations. Fixes: nodejs#36655 nodejs#49549 Refs: https://github.com/orgs/nodejs/discussions/49634 https://github.com/orgs/nodejs/discussions/46545
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: nodejs#36655 nodejs#49549 Refs: https://github.com/orgs/nodejs/discussions/49634 https://github.com/orgs/nodejs/discussions/46545 https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655 Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655 Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: nodejs#36655 Fixes: nodejs#49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: nodejs#50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655 Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655 Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Set the cipher list and cipher suite before anything else because @SECLEVEL=<n> changes the security level and that affects subsequent operations. Fixes: #36655 Fixes: #49549 Refs: https://github.com/orgs/nodejs/discussions/49634 Refs: https://github.com/orgs/nodejs/discussions/46545 Refs: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html PR-URL: #50186 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Paolo Insogna <[email protected]>
Version
v16.20.0
Platform
Darwin xxxx 22.6.0 Darwin Kernel Version 22.6.0: Wed Jul 5 22:22:05 PDT 2023; root:xnu-8796.141.3~6/RELEASE_ARM64_T6000 x86_64
Subsystem
No response
What steps will reproduce the bug?
create securityContext and load the cert later
#46515
#36655 (comment)
How often does it reproduce? Is there a required condition?
No response
What is the expected behavior? Why is that the expected behavior?
No response
What do you see instead?
Additional information
No response
The text was updated successfully, but these errors were encountered: