TLS1.1 support for AMT 11 #5512

Closed
thermionic opened this issue Nov 5, 2023 · 3 comments
@thermionic (Contributor)

Describe the bug
Since upgrading to a new version of nodejs, tls1.1 no longer works

To Reproduce
Steps to reproduce the behavior:

  1. deploy with nodejs v20
  2. set config.json to not require newer tls
    "mpshighsecurity": false,
  3. set /etc/ssl/openssl.cnf as per Intel AMT 11 TLS 1.1 wont connect #4782

Can't show AMT not connecting very easily, but sslyze shows the issue

command was sslyze.exe host:4433 (output snipped for brevity)

 * SSL 2.0 Cipher Suites:
     Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

 * SSL 3.0 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * TLS 1.0 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.

     The server accepted the following 21 cipher suites:
        TLS_RSA_WITH_ARIA_256_GCM_SHA384                  256
        TLS_RSA_WITH_ARIA_128_GCM_SHA256                  128
        TLS_RSA_WITH_AES_256_GCM_SHA384                   256
        TLS_RSA_WITH_AES_256_CCM_8                        128
        TLS_RSA_WITH_AES_256_CCM                          256
        TLS_RSA_WITH_AES_256_CBC_SHA256                   256
        TLS_RSA_WITH_AES_256_CBC_SHA                      256
        TLS_RSA_WITH_AES_128_GCM_SHA256                   128
        TLS_RSA_WITH_AES_128_CCM_8                        128
        TLS_RSA_WITH_AES_128_CCM                          128
        TLS_RSA_WITH_AES_128_CBC_SHA256                   128
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256       256       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384            256       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256            128       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * TLS 1.3 Cipher Suites:
     Attempted to connect using 5 cipher suites.

     The server accepted the following 3 cipher suites:
        TLS_CHACHA20_POLY1305_SHA256                      256       ECDH: X25519 (253 bits)
        TLS_AES_256_GCM_SHA384                            256       ECDH: X25519 (253 bits)
        TLS_AES_128_GCM_SHA256                            128       ECDH: X25519 (253 bits)

Expected behavior
sslyze should be able to connect using tls 1.1 (and thus older AMT as well)

Screenshots
n/a

Server Software (please complete the following information):

  • OS: Ubuntu
  • Virtualization: n/a
  • Network: LAN & WAN
  • Version: 1.1.15
  • Node: 20

Client Device (please complete the following information):

  • Device: HP Z420
  • OS: W10
  • Network: Local to Meshcentral
  • Browser: n/a
  • MeshCentralRouter Version: n/a

Additional context

Looks like it's related to nodejs/node#27384

Your config.json file

{
    "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
    "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
    "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
    "settings": {
        "postgres": {
            "user": "mcpostgres",
            "password": "SuperSekritPassword",
            "port": "5432",
            "host": "localhost"
        },
        "_WANonly": true,
        "_LANonly": true,
        "Port": 443,
        "authlog": "/var/log/meshcentral/auth.log",
        "RedirPort": 80,
        "AllowLoginToken": true,
        "AllowFraming": false,
        "_UserAllowedIP": "127.0.0.1,::1,192.168.53.0/24,10.201.253.0/24",
        "cert": "mc.publicdomain.com",
        "_MpsCert": "publicdomain.com",
        "tlsOffload": "192.168.53.54",
        "mpsHighSecurity": false,
        "crowdsec": {
            "url": "http://localhost:8080",
            "apiKey": "SuperSekritPassword",
            "fallbackRemediation": "captcha"
        }
    },
    "domains": {
        "": {
            "minify": true,
            "certUrl": "https://mc.publicdomain.com:443/"
        }
    },
    "_letsencrypt": {
        "email": "ssl@publicdomain.net",
        "names": "mc.publicdomain.com",
        "production": true
    },
    "smtp": {
        "host": "smtp.publicdomain.com",
        "port": 25,
        "from": "mc@publicdomain.com"
    }
}

@thermionic thermionic added the bug label Nov 5, 2023
@si458 (Collaborator) commented Nov 5, 2023

What node version did you upgrade from?
Have you tried node 18?

@thermionic (Contributor, Author)

Previously I was using the Ubuntu 20.04 repo, which was 10.19: https://packages.ubuntu.com/focal/nodejs

TLS 1.0 and TLS 1.1 are both there with Node 16, thanks!

 * SSL 2.0 Cipher Suites:
     Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

 * SSL 3.0 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * TLS 1.0 Cipher Suites:
     Attempted to connect using 80 cipher suites.

     The server accepted the following 4 cipher suites:
        TLS_RSA_WITH_AES_256_CBC_SHA                      256
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites.

     The server accepted the following 4 cipher suites:
        TLS_RSA_WITH_AES_256_CBC_SHA                      256
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.

     The server accepted the following 21 cipher suites:
        TLS_RSA_WITH_ARIA_256_GCM_SHA384                  256
        TLS_RSA_WITH_ARIA_128_GCM_SHA256                  128
        TLS_RSA_WITH_AES_256_GCM_SHA384                   256
        TLS_RSA_WITH_AES_256_CCM_8                        128
        TLS_RSA_WITH_AES_256_CCM                          256
        TLS_RSA_WITH_AES_256_CBC_SHA256                   256
        TLS_RSA_WITH_AES_256_CBC_SHA                      256
        TLS_RSA_WITH_AES_128_GCM_SHA256                   128
        TLS_RSA_WITH_AES_128_CCM_8                        128
        TLS_RSA_WITH_AES_128_CCM                          128
        TLS_RSA_WITH_AES_128_CBC_SHA256                   128
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256       256       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384            256       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256            128       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * TLS 1.3 Cipher Suites:
     Attempted to connect using 5 cipher suites.

     The server accepted the following 3 cipher suites:
        TLS_CHACHA20_POLY1305_SHA256                      256       ECDH: X25519 (253 bits)
        TLS_AES_256_GCM_SHA384                            256       ECDH: X25519 (253 bits)
        TLS_AES_128_GCM_SHA256                            128       ECDH: X25519 (253 bits)

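An added check, not part of this issue or of MeshCentral: a small Python parser for the sslyze output quoted above that inventories which protocol versions the MPS port actually negotiates and diffs two runs, here the Node 20 and Node 16 excerpts from this thread. The sample strings are shortened copies of the posted output; the function names and the regexes are assumptions of this example.

```python
import re

# Trimmed sslyze excerpts copied from this issue: MeshCentral on Node 20 rejects
# TLS 1.1; the same server and config.json on Node 16 accepts it.
SSLYZE_NODE20 = """\
 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.
 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.
     The server accepted the following 1 cipher suites:
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             128       ECDH: prime256v1 (256 bits)
"""
SSLYZE_NODE16 = """\
 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites.
     The server accepted the following 4 cipher suites:
        TLS_RSA_WITH_AES_256_CBC_SHA                      256
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)
 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.
     The server accepted the following 1 cipher suites:
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             128       ECDH: prime256v1 (256 bits)
"""

# One section per protocol version; accepted suites are the indented TLS_* lines under it.
SECTION_RE = re.compile(r"^\s*\*\s+((?:SSL|TLS) \d\.\d) Cipher Suites:", re.M)
SUITE_RE = re.compile(r"^\s+(TLS_[A-Z0-9_]+)\s+\d+", re.M)
LEGACY = ("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1")

def parse_sslyze(text):
    """Map each protocol version to the cipher suites the server accepted (empty if rejected)."""
    result, heads = {}, list(SECTION_RE.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        result[head.group(1)] = SUITE_RE.findall(text[head.end():end])
    return result

def legacy_protocols(accepted):
    """Legacy versions the server will actually negotiate: the audit finding to track."""
    return [p for p in LEGACY if accepted.get(p)]

def protocols_changed(before, after):
    """Versions whose enabled state flipped between two runs, e.g. after a Node upgrade."""
    return {p: (bool(before.get(p)), bool(after.get(p)))
            for p in sorted(set(before) | set(after))
            if bool(before.get(p)) != bool(after.get(p))}
```

Feed it the full output of `sslyze host:4433` from before and after a Node upgrade to see at a glance whether the legacy versions AMT 11 needs are still offered, and to record that they are the only CBC-era suites the server exposes.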
@thermionic (Contributor, Author)

If old TLS versions are required for old AMT version, use node 16 https://github.com/nodesource/distributions
