Node http request to API Server fails with TLS Error - No Renegotiation

[darko1002001]

Issue Details

• **Electron Version: v5.0.0
• **Operating System: MacOS 10.14.4 (18E226)
• **Node System version: Tried 11.15.0 and 12.2.0
• **Last Known Working Electron version: None

Expected Behavior

I expect to receive a response, In this case it would be an unauthorized response.

Actual Behavior

I am receiving the following error:

Error: Error: socket hang up
    at Request._callback (/Users/darkogrozdanovski/Development/Multiplatform/electron-request/main.js:14:20)
    at self.callback (/Users/darkogrozdanovski/Development/Multiplatform/electron-request/node_modules/request/request.js:185:22)
    at Request.emit (events.js:194:13)
    at Request.onRequestError (/Users/darkogrozdanovski/Development/Multiplatform/electron-request/node_modules/request/request.js:881:8)
    at ClientRequest.emit (events.js:194:13)
    at TLSSocket.socketOnEnd (_http_client.js:435:9)
    at TLSSocket.emit (events.js:199:15)
    at endReadableNT (_stream_readable.js:1141:12)
    at processTicksAndRejections (internal/process/task_queues.js:81:17)

To Reproduce

I was able to reproduce this by taking the quickstart (https://github.com/electron/electron-quick-start) and adding code to make the request in the main.js file using the node request library

Here is a link to the branch i created
Link To Branch

By some experimentation i was able to get to an error which said the following:

Uncaught Exception:
Error: 140283303048872:error:100000b6:SSL routines:OPENSSL_internal:NO_RENEGOTIATION:../../third_party/boringssl/src/ssl/ssl_lib.cc:966:

The reason i am using request is that the API i am trying to access blocks the normal XHR requests due to CORS and even if i disable webSecurity in electron i still am unable to pass the authentication and get redirected to a login page, i am guessing there is some kind of redirect if it detects a request coming from a browser.

I also tried to execute the exact same code to make a request by writing a separate script and running it using the command node script.js. This worked without any issues.

From what i've read Electron is using the Boringssl implementation which doesn't support this. Is there some kind of a way to skip the renegotiation or bypass it?

[linonetwo]

How to catch this Error? This stack trace is not frieldly at all.
Detail about this Error won't show up in the terminal nor in the developer tool, so it's very hard to find which part of the code rise this error.

I don't want this error pop up. Is there an option to stop electron from poping up these error windows?

[darko1002001]

I don't have much experience with Electron, but in the code i've illustrated this issue in, i am just re-throwing the error that i receive when executing the request, i think this is showing the popup because the error the code is throwing is not caught. Comment out the // if (error) throw new Error(error); block in the main.js file and the popup will not show.

Unfortunately, i don't know how to reach to and log the deep nested error i show in the issue. I just got it as a popup.

Maybe reproducing the request with a more low-level HTTP api as opposed to requests library would help.

[nornagon]

Possibly related: #18557

[codenirvana]

@nornagon Requests on the main process are failing with socket hang up during renegotiation.
This is because of BoringSSL switch in Electron v4.

However, the same requests work in BrowserWindow (renderer process) because Chromium configured BoringSSL to allow renegotiation using:

SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_freely);

You can test this behavior using my demo setup: https://github.com/codenirvana/electron-tls-renegotiation#electron-tls-renegotiation

Please let me know if there's any workaround to enable TLS renegotiation or any plan to fix this and backport in 4.x?

[nornagon]

I believe @numaanashraf is working on enabling renegotiation in the Node net stack. As a workaround, you could try using Electron's net module instead of Node's http module.

[electron-triage]

Thank you for taking the time to report this issue and helping to make Electron better.

The version of Electron you reported this on has been superseded by newer releases.

If you're still experiencing this issue in Electron 6.x.y or later, please add a comment specifying the version you're testing with and any other new information that a maintainer trying to reproduce the issue should know.

I'm setting the blocked/need-info label for the above reasons. This issue will be closed 7 days from now if there is no response.

Thanks in advance! Your help is appreciated.

[harryi3t]

The newer versions of Electron would also be impacted by this.

[nornagon]

Labelling with 10.x because this still hasn't been fixed.