
Unable to start server with https and pfx file

Open rachitpant opened this issue 3 years ago • 1 comments

Version

v18.4.0

Platform

Darwin MBK-WCV41P7JVM 21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:28:41 PST 2021; root:xnu-8019.61.5~1/RELEASE_ARM64_T6000 arm64

Subsystem

No response

What steps will reproduce the bug?

Trying to start an https server in existing code; it stopped working after using the latest node on a new Mac M1 (arm64).

I saw another bug where it was suggested to upgrade the pfx file. I upgraded the file, and the output of openssl pkcs12 -info -in newPfxFile.pfx -noout is:

Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

How often does it reproduce? Is there a required condition?

Every time

What is the expected behavior?

No response

What do you see instead?

Error: unsupported
    at configSecureContext (node:internal/tls/secure-context:282:15)
    at Object.createSecureContext (node:_tls_common:117:3)
    at Server.setSecureContext (node:_tls_wrap:1347:27)
    at Server (node:_tls_wrap:1206:8)
    at new Server (node:https:74:3)
    at Object.createServer (node:https:112:10)
    at resolveHttpServer (/Users/rpant/code/recruiting-calendar/frontend/node_modules/vite/dist/node/chunks/dep-80fe9c6b.js:48117:33)
    at createServer (/Users/rpant/code/recruiting-calendar/frontend/node_modules/vite/dist/node/chunks/dep-80fe9c6b.js:60090:17)
    at async CAC.<anonymous> (/Users/rpant/code/recruiting-calendar/frontend/node_modules/vite/dist/node/cli.js:688:24)

Additional information

No response

rachitpant avatar Sep 20 '22 17:09 rachitpant

My bad... just realized pbeWithSHA1And40BitRC2-CBC is still the problem. This can be closed as it has the same root cause as the other bug.

Can someone please help me upgrade the legacy cert to a newer version? I tried openssl pkcs12 -in original.pfx -nodes -legacy -out decryptedPfxFile.tmp but the command fails because -legacy is not supported. I was able to run the above command by removing -legacy, but the new file generated is once again 40BitRC2.

My OpenSSL version is LibreSSL 2.8.3

rachitpant avatar Sep 20 '22 18:09 rachitpant
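
An added example, not part of the original issue or of Node.js: a small parser for the `openssl pkcs12 -info -noout` output quoted above that reports which bags are encrypted with a cipher from OpenSSL 3's legacy provider (RC2 or RC4), the condition behind the `unsupported` error. The function names and the second sample are constructed for illustration.

```javascript
'use strict';

// RC2 and RC4 live in OpenSSL 3's legacy provider, which is not loaded by default.
const LEGACY_CIPHER = /RC2|RC4/i;

// Parse `openssl pkcs12 -info -noout` output into one record per encrypted bag.
function parsePkcs12Info(text) {
  const bags = [];
  for (const raw of text.split(/\r?\n/)) {
    const m = /^\s*(PKCS7 Encrypted data|Shrouded Keybag):\s*(.+?)\s*$/.exec(raw);
    if (!m) continue; // MAC lines, "Certificate bag", prompts, etc.
    const iter = /,\s*Iteration\s+(\d+)/.exec(m[2]);
    // The algorithm is everything before the ", Iteration N" suffix.
    const algorithm = m[2].replace(/,\s*Iteration\s+\d+.*$/, '');
    bags.push({
      bag: m[1] === 'Shrouded Keybag' ? 'private key' : 'certificates',
      algorithm,
      iterations: iter ? Number(iter[1]) : null,
      legacy: LEGACY_CIPHER.test(algorithm),
    });
  }
  return bags;
}

// Only the bags that will fail to load without the legacy provider.
function legacyBags(text) {
  return parsePkcs12Info(text).filter((b) => b.legacy);
}

// Output as quoted in the issue above.
const ISSUE_OUTPUT = `MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048`;

// Constructed sample: what a PBES2/AES re-export typically prints.
const MODERN_OUTPUT = `MAC: sha256, Iteration 2048
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256`;

for (const b of parsePkcs12Info(ISSUE_OUTPUT)) {
  console.log(`${b.legacy ? 'LEGACY' : 'ok    '} ${b.bag}: ${b.algorithm}`);
}
```

On the issue's output this flags only the certificate bag; the 3DES-protected key bag is not the blocker. In `openssl pkcs12 -export`, the `-certpbe` and `-keypbe` options select the cipher used for each bag when a bundle is re-exported.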

I'll convert this to a discussion, maybe someone knows the answer.

bnoordhuis avatar Sep 21 '22 19:09 bnoordhuis