Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SSL error with Node 12 : TLS Configuration

Anil_Umachigi
Level 2
Level 2

Hello 

 

I have been having issues reaching an internal API with following error. 

write EPROTO 4390231552:error:1425F102:SSL routines

 

I guess this happens since Node.js 12's default TLS settings are stricter now.

The site doesn't handle TLS v1.2. Node 12 by default need 1.2

On my local machine, I could specify the TLS version to make this work like this "node --tls-min-v1.0 apiProd.js" 

How can I turn off the TLS verification? or make this work? 

 

Thank you

6 Replies
tmj
Level 2
Level 2

Hey Anil, I will check with the team if there is a way to lower the Node TLS version or any other workarounds. That being said, as you may be aware that Adobe I/O Runtime and Project Firefly are moving away from NodeJS 12 to NodeJS 14. Could you try using NodeJS 14 and see if you can work around the problem?

Anil_Umachigi
Level 2
Level 2

@tmj 

Thank you for getting back! 

Yes I did read about the update to NodeJS 14. I had issues updating as well. Awaiting reply to my query to kanika's post here

 

I tried updating the manifest.yml from 12 to 

runtime: 'nodejs:14' , but go an error on deploy 
 
Deploying actions
Error: Unsupported node version in action digi****/aaTrigger. Supported versions are ^10 || ^12
 
This is an existing app, wondering what's the right way to update. 
Also any new app will be 14 by default henceforth? 
 
It would be great if you could get back with an update of possible way forward. 
 
dr_venture
Employee
Employee

In your projects root folder is a file named package.json.  in there you need to update the node support from ^10 || ^12 to 12^ || 14^.  

I will send you a video on how to do it via messaging.  The video will be posted to YouTube Adobe Developer channel next week.

 

Cheers

Anil_Umachigi
Level 2
Level 2

@dr_venture Thank you! So I updated the Package.json, in addition I updated the Manifest.yml 

runtime: 'nodejs:14' but got the same error.  

 

A video will be great! thanks a bunch!! 

Anil_Umachigi
Level 2
Level 2

Thank you all the node version is resolved, but it would be great if you could post here about the SSL issue when have an update 

 

 

dr_venture
Employee
Employee

Is that TLS issue still persisting for you with node 14? 

Anil_Umachigi
Level 2
Level 2

Yes, I'm afraid it is. 

I get the below error, when I try to access an internal API.

Works fine in Postman, but error's out in action. 

"message": "write EPROTO 140477986916224:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1958:\n",

 

tmj
Level 2
Level 2

Hey @Anil_Umachigi 

I checked with the team and there is no way to specify or lower the TLS version. We do not recommend our customers to use anything below TLS 1.2 because both TLS 1.0 and TLS 1.1 are not as secure and the industry as a whole is moving away from them.

Thus, our recommendation would be to upgrade the service/API in question to use TLS 1.2 or higher.

For the sake of completeness, you could try to work around the issue by using Node JS 10 for your functions. That being said, we again do not recommend this approach because - 

1. NodeJS 10 is no longer being maintained since April 2021.
2. You are likely to see higher latencies for actions using Node JS 10 due to cold starts (we will only prewarm Node 14 containers going forward.)

 

Thanks

Anil_Umachigi
Level 2
Level 2

@tmj Thank you! That makes sense. 

I will check with our internal team and see if they can get that in pipeline. 

 

Thank you again! 

ShazronAbdullah
Employee
Employee

Hi,

As a rule, any command line options available for node, can be set as the environment variable NODE_OPTIONS (each option is space separated).

 

In this case, in your action code, you can set it as:

process.env.NODE_OPTIONS = "--tls-min-v1.0"

... right before your api call. 

 

Unset it after so you won't affect the security of any other calls:

delete process.env.NODE_OPTIONS

e.g.

process.env.NODE_OPTIONS = "--tls-min-v1.0"
await doSomeApiCall()
delete process.env.NODE_OPTIONS