Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSLv3 connectivity in Node LTS #3695

Closed
gschwa opened this issue Nov 6, 2015 · 7 comments
Closed

SSLv3 connectivity in Node LTS #3695

gschwa opened this issue Nov 6, 2015 · 7 comments
Labels
question Issues that look for answers. tls Issues and PRs related to the tls subsystem.

Comments

@gschwa
Copy link

gschwa commented Nov 6, 2015

Believe it or not there are still "secure" sites running SSLv3 and I need to connect to it. When I set the:

secureProtocol: 'SSLv3_method'

I get back: Error: SSLv3 methods disabled

I am using Node 4.2.2. Is there anything I can do to enable SSLv3?
@Fishrock123 Fishrock123 added the tls Issues and PRs related to the tls subsystem. label Nov 6, 2015
@Fishrock123
Copy link
Contributor

No, we build without SSLv3 support as it is effectively broken entirely and you might as well be using regular http.

See:

@mscdex
Copy link
Contributor

mscdex commented Nov 6, 2015

Your only option is to use an old version of node, but still you really should not be using anything less than TLSv1 at this point if you care about security. You might contact the server owner and ask them to at least permit TLSv1+ connections.

@ChALkeR ChALkeR added the question Issues that look for answers. label Nov 7, 2015
@evanlucas
Copy link
Contributor

Closing as there isn't really anything actionable that we can do on this one

@ldarren ldarren mentioned this issue Jun 20, 2016
Closed
@richardzyx
Copy link

What's the standard practice to let node throw an exception/warning message when using SSLv3/2? I had to spend quite some time debugging this issue since I just picked node back up and wasn't aware of this functionality. The only way I could get more information was from openssl cli, but it would have've been much nicer if there are existing warning or documentations.

In my case, the same key/cert worked for a Java application so the debugging process has been particularly painful.

If I missed anything apparent, please feel free to let me know. Thanks!

@Trott
Copy link
Member

Trott commented Jul 12, 2017

@richardzyx Hi! This issue tracker is for bugs and issues found within Node.js core.
For more general support questions like that, please file an issue on our help
repo. https://github.com/nodejs/help

Thanks!

@YuriyTigiev
Copy link

Hi!

What version of nodejs and which modules supported TLSv1/SSLv3?
I develop a script that should get data from the sites running TLSv1/SSLv3.

@Trott
Copy link
Member

Trott commented Dec 21, 2019
edited
Loading

@YuriyTigiev Not sure what you mean by "which modules" but SSLv3 has been disabled-by-default since Node.js 4.0.0. (It was disabled during the io.js fork.)

I'm going to lock this issue. For more questions or clarifications, consider opening a new issue in this repo or in https://github.com/nodejs/help. You can also ask on StackOverflow, in IRC, etc.

@nodejs nodejs locked as resolved and limited conversation to collaborators Dec 21, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question Issues that look for answers. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@mscdex @gschwa @ChALkeR @evanlucas @Trott @Fishrock123 @richardzyx @YuriyTigiev