I'm getting the below error attempting to start my Node.js 18.17.1 app with a Let's Encrypt certificate. I've temporarily worked around it using openssl 3.1 to save the cert with a modern cipher according to this Node.js issue. Which part of the issuance/renewal process determines the "PKCS7 Encrypted data" cipher as displayed by openssl -info
, and how can I control it?
C:\>openssl.exe pkcs12 -in www.mydomain.com.pfx -noout -legacy -info
MAC: sha1, Iteration 1024
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1024
Certificate bag
Certificate bag
C:\>node.exe "C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js" "start"
> user-lookup@0.0.0 start
> node ./bin/www
node:internal/tls/secure-context:278
context.loadPKCS12(toBuf(pfx), toBuf(passphrase));
^
Error: unsupported
at configSecureContext (node:internal/tls/secure-context:278:15)
at Object.createSecureContext (node:_tls_common:117:3)
at Server.setSecureContext (node:_tls_wrap:1362:27)
at Server (node:_tls_wrap:1226:8)
at new Server (node:https:74:3)
at Object.createServer (node:https:112:10)
at Object.<anonymous> (C:\wt-server\cascade-admin-functions\bin\www:16:25)
at Module._compile (node:internal/modules/cjs/loader:1256:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1310:10)
at Module.load (node:internal/modules/cjs/loader:1119:32)
Node.js v18.17.1
Thank you.