Hello, I am trying to make a simple POST request to my nodejs server, which is using the certificate provided by letsencrypt. However, when I post a request from php to my nodejs server I get:
Error: write EPROTO 2798134296:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:../../third_party/boringssl/src/ssl/tls_record.cc:587:SSL alert number 40
Can be verified using Postman by posting to my node socket: https://www.mathtutortime.com:3001. It looks like it has to do with an improper handshake with letsencrypt? Thanks for any ideas.
nodeJS allows you to pull in your private and public certificates. It completely allows SSL.
In fact, if you don't pull it in it will give you an error when trying to run the server.
I don't understand any of that. The only thing I can see from remote is that OpenSSL notices on connecting:
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
The only difference with a regular TLS connection without client certificates is that it only mentions the first row. The other three rows seem to be specific for your NodeJS server.
While I've never encountered this error before myself and I've never used and probably will never use NodeJS directly personally (unfortunately Firefox requires it to be built properly...), I'm thinking the lack of client certificate is the issue here.
Now, if you think that's not the case, perhaps you'd like to share a little bit more about the setup you have, the configuration et cetera. Because as I said, I didn't understand a thing about your post just now. "pull in your private and public certificates"? What does that mean? "It completely allows SSL"? What do you mean by that? "In fact, if you don't pull it in it will give you an error when trying to run the server" -> do you mean to say NodeJS won't run if you don't require a client certificate?
Thank you for the detail. I didn't mean to say that it won't run if you don't have ssl. I meant to say that if you have your ssl settings set up in Node, and the private and public certificates don't match, or it can't fetch either file, the server will not run. By "pull in the private and public certificates" I mean that you have to get these certificate files if you want an ssl server, which I gave the directory address to on my server. By completely allows SSL I mean that you can run your server securely or not securely. I choose securely.
My private and public key files only have 1 key each. Where are you getting that it is unable to verify? I thought the website wouldn't open up on https if the first certificate wasn't verifiable?
The missing intermediate certificate isn't the main problem.
Maybe you have a limited list of cipher suites or an untypical configuration.
PS: Alert 40:
Error creating a TLS-Connection: IANA TLS Alert No. 40, handshake_failure. Receipt of a "handshake_failure" alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. SSL_ERROR_NO_CYPHER_OVERLAP (Mozilla) / ERR_SSL_VERSION_OR_CIPHER_MISMATCH (Chrome)
So your configuration is wrong / unknown. But I have no idea how nodejs manages that.
Ok. I'm not familiar with what an intermediate certificate is. I only have the option to put in a private and public key file on my server. Do I need to try to find an option to add another type?
I searched Google pretty extensively regarding this. Everything I found generally led toward what @JuergenAuer was mentioning about non-standard cipher suites and such. I didn't find anything conclusive though.
Sorry, a little new to what a cipher suite is. I don't remember pulling anything like that. Is there a Linux config that can pull more cipher suite lists?
var fs = require('fs');
var express = require('express');
var bodyParser = require('body-parser');
const fetch = require('node-fetch');
const cors = require('cors');

// TLS options passed to https.createServer()
var options = {
    key: fs.readFileSync('/var/www/html/privkey.pem'),
    cert: fs.readFileSync('/var/www/html/cert.pem'),
    requestCert: true,        // the server asks every client for a certificate
    rejectUnauthorized: true  // and rejects clients that do not present a valid one
};
const chat_port = process.env.port || 3001;

var app = express();
app.use(cors());
app.options('*', cors());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(express.static(__dirname));
app.use(function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "mathtutortime.com/account/get_tutoring"); // update to match the domain you will make the request from
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    next();
});

var server = require('https').createServer(options, app);
var io = require('socket.io').listen(server);
// ...more stuff dealing with implementation of server...
var host = '192.168.0.15';
server.listen(chat_port, host, function(){
    console.log('listening on *' + chat_port);
});
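As an added example (not code from the thread or from Node.js itself), the sketch below statically checks an `https.createServer()` options object for the three things discussed in this thread: a mandatory client certificate, a certificate file without the intermediate, and cipher or protocol-version overrides. The function names, finding codes and placeholder PEM text are assumptions made for illustration, and certbot-style file naming (`cert.pem` for the leaf, `fullchain.pem` for the chain) is assumed.

```javascript
// Added example: static checks on the options object given to https.createServer().
// auditTlsOptions and its finding codes are illustrative names, not a Node.js API.
function countPemCerts(pem) {
  return (String(pem).match(/-----BEGIN CERTIFICATE-----/g) || []).length;
}

function auditTlsOptions(options) {
  const findings = [];
  // requestCert makes the server request a client certificate; rejectUnauthorized
  // (default true) then refuses any client that does not present a valid one.
  if (options.requestCert && options.rejectUnauthorized !== false) {
    findings.push({ code: 'CLIENT_CERT_REQUIRED',
      note: 'clients without a certificate cannot complete the handshake' });
    if (!options.ca) {
      findings.push({ code: 'CLIENT_CA_NOT_PINNED',
        note: 'client certs are checked against the default CA bundle, not your own CA' });
    }
  }
  // A single PEM block means the leaf is served without its intermediate.
  if (countPemCerts(options.cert) < 2) {
    findings.push({ code: 'NO_INTERMEDIATE',
      note: 'serve the full chain (certbot: fullchain.pem) instead of the leaf only' });
  }
  // Restricting ciphers or protocol versions is another source of handshake_failure.
  for (const k of ['ciphers', 'minVersion', 'maxVersion', 'secureProtocol']) {
    if (options[k] !== undefined) findings.push({ code: 'TLS_OVERRIDE', note: k + ' is set' });
  }
  return findings;
}

const codes = (o) => auditTlsOptions(o).map((f) => f.code);

// Constructed placeholder PEM text; only the BEGIN markers are inspected.
const LEAF = '-----BEGIN CERTIFICATE-----\n(constructed leaf)\n-----END CERTIFICATE-----\n';
const INTERMEDIATE = '-----BEGIN CERTIFICATE-----\n(constructed intermediate)\n-----END CERTIFICATE-----\n';

// Same shape as the options in the post: leaf-only cert plus mandatory client certs.
const posted = { key: '(constructed)', cert: LEAF, requestCert: true, rejectUnauthorized: true };
// A public HTTPS endpoint: full chain, no client-certificate requirement.
const publicServer = { key: '(constructed)', cert: LEAF + INTERMEDIATE };

console.log(codes(posted));
console.log(codes(publicServer));
```

For the posted options no `TLS_OVERRIDE` finding appears, so nothing in that object restricts the cipher suites; the client-certificate requirement is the setting that stops certificate-less clients such as Postman or a PHP script.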