Ankita Kashyap Ankita Kashyap - 1 month ago 10
Node.js Question

How to disable the SSL 3.0 and TLS 1.0 in nodejs

I am using nodejs in Ubuntu. and i want to disable the SSL 3.0 and TLS v1.0 both.

Here is my code

var constants = require('constants')
, https = require('https')
, path = require('path')
, tls = require('tls')
, fs = require('fs');
var sslOptions = {
key: fs.readFileSync('/etc/ssl/private/private.key'),
secureProtocol: 'SSLv23_server_method',
secureOptions: constants.SSL_OP_NO_SSLv3,
secureOptions: constants.SSL_OP_NO_TLSv1,
cert: fs.readFileSync('/etc/ssl/certs/STAR_mycert.crt'),
ca: [
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt')
],
//ca: fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot.crt'),
requestCert: false,
rejectUnauthorized: false
};


Now when i test my website on digicert i got following issue

enter image description here

any idea how to do this?

Answer

I don't know much about node.js but I think that you last secureOptions simply overrides the first one because you cannot have the same key multiple times in a dictionary. Since the underlying TLS stack (OpenSSL) requires that the options are combined with bitwise or try the following instead:

secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,