Adobe Developer

Anil_Umachigi · 5/25/21

Hello

I have been having issues reaching an internal API with following error.

write EPROTO 4390231552:error:1425F102:SSL routines

I guess this happens since Node.js 12's default TLS settings are stricter now.

The site doesn't handle TLS v1.2. Node 12 by default need 1.2

On my local machine, I could specify the TLS version to make this work like this "node --tls-min-v1.0 apiProd.js"

How can I turn off the TLS verification? or make this work?

Thank you

tmj · 5/29/21

Hey Anil, I will check with the team if there is a way to lower the Node TLS version or any other workarounds. That being said, as you may be aware that Adobe I/O Runtime and Project Firefly are moving away from NodeJS 12 to NodeJS 14. Could you try using NodeJS 14 and see if you can work around the problem?

Anil_Umachigi · 5/29/21

@tmj

Thank you for getting back!

Yes I did read about the update to NodeJS 14. I had issues updating as well. Awaiting reply to my query to kanika's post here.

I tried updating the manifest.yml from 12 to

runtime: 'nodejs:14' , but go an error on deploy

Deploying actions
Error: Unsupported node version in action digi****/aaTrigger. Supported versions are ^10 || ^12

This is an existing app, wondering what's the right way to update.

Also any new app will be 14 by default henceforth?

It would be great if you could get back with an update of possible way forward.

dr_venture · 5/30/21

In your projects root folder is a file named package.json. in there you need to update the node support from ^10 || ^12 to 12^ || 14^.

I will send you a video on how to do it via messaging. The video will be posted to YouTube Adobe Developer channel next week.

Cheers

Anil_Umachigi · 5/31/21

@dr_venture Thank you! So I updated the Package.json, in addition I updated the Manifest.yml

runtime: 'nodejs:14' but got the same error.

A video will be great! thanks a bunch!!

Anil_Umachigi · 5/31/21

Thank you all the node version is resolved, but it would be great if you could post here about the SSL issue when have an update

dr_venture · 6/1/21

Is that TLS issue still persisting for you with node 14?

Anil_Umachigi · 6/1/21

Yes, I'm afraid it is.

I get the below error, when I try to access an internal API.

Works fine in Postman, but error's out in action.

"message": "write EPROTO 140477986916224:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1958:\n",

tmj · 6/2/21

Hey @Anil_Umachigi

I checked with the team and there is no way to specify or lower the TLS version. We do not recommend our customers to use anything below TLS 1.2 because both TLS 1.0 and TLS 1.1 are not as secure and the industry as a whole is moving away from them.

Thus, our recommendation would be to upgrade the service/API in question to use TLS 1.2 or higher.

For the sake of completeness, you could try to work around the issue by using Node JS 10 for your functions. That being said, we again do not recommend this approach because -

1. NodeJS 10 is no longer being maintained since April 2021.
2. You are likely to see higher latencies for actions using Node JS 10 due to cold starts (we will only prewarm Node 14 containers going forward.)

Thanks

Anil_Umachigi · 6/2/21

@tmj Thank you! That makes sense.

I will check with our internal team and see if they can get that in pipeline.

Thank you again!

ShazronAbdullah · 6/3/21

Hi,

As a rule, any command line options available for node, can be set as the environment variable NODE_OPTIONS (each option is space separated).

In this case, in your action code, you can set it as:

process.env.NODE_OPTIONS = "--tls-min-v1.0"

... right before your api call.

Unset it after so you won't affect the security of any other calls:

delete process.env.NODE_OPTIONS

e.g.

process.env.NODE_OPTIONS = "--tls-min-v1.0"
await doSomeApiCall()
delete process.env.NODE_OPTIONS

Adobe Developer

SSL error with Node 12 : TLS Configuration

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe