Passing SSL_OP_LEGACY_SERVER_CONNECT down to Node #83

Open
corford opened this issue Dec 7, 2022 · 2 comments

corford commented Dec 7, 2022

Node v18 removed the OpenSSL option to accept legacy servers. This causes Got to throw the following error when scraping servers that don't support RFC 5746 secure renegotiation:

RequestError: C0B70F932E7F0000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:908:

Looking at the got-scraping source and also this issue #75, it seems it should be possible to pass SSL_OP_LEGACY_SERVER_CONNECT down to Got via _unixOptions.secureOptions. But I can't seem to get it working.

This is what I tried (in my case via a Cheerio preNavigationHook(), since I'm trying to scrape this server using the Crawlee SDK, not got-scraping directly):

  import crypto from 'crypto';
  gotOptions._unixOptions = {
    secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT,
  };
  gotOptions.https = {
    ciphers: [
      // Chrome v92
      'TLS_AES_128_GCM_SHA256',
      'TLS_AES_256_GCM_SHA384',
      'TLS_CHACHA20_POLY1305_SHA256',
      'ECDHE-ECDSA-AES128-GCM-SHA256',
      'ECDHE-RSA-AES128-GCM-SHA256',
      'ECDHE-ECDSA-AES256-GCM-SHA384',
      'ECDHE-RSA-AES256-GCM-SHA384',
      'ECDHE-ECDSA-CHACHA20-POLY1305',
      'ECDHE-RSA-CHACHA20-POLY1305',
      // Legacy:
      'ECDHE-RSA-AES128-SHA',
      'ECDHE-RSA-AES256-SHA',
      'AES128-GCM-SHA256',
      'AES256-GCM-SHA384',
      'AES128-SHA',
      'AES256-SHA',
    ].join(':'),
  };

Here are some SO links related to this OpenSSL issue for additional context:
https://stackoverflow.com/questions/71603314/ssl-error-unsafe-legacy-renegotiation-disabled
https://stackoverflow.com/questions/74324019/allow-legacy-renegotiation-for-nodejs

corford changed the title from "How to pass SSL_OP_LEGACY_SERVER_CONNECT to Node ?" to "Passing SSL_OP_LEGACY_SERVER_CONNECT down to Node" on Dec 7, 2022

teammakdi commented Sep 15, 2023

Facing the same issue @barjin @B4nan

Example url: https://www.hagerty.com/ads.txt

@corford let me know if any solutions

@teammakdi

Right now I've added this SSL config as a workaround

openssl.cnf

nodejs_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
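
An `openssl.cnf` default like the one above applies to every TLS connection the process opens. As an added example (not code from this thread or from got-scraping), the following uses only Node's core `https` module to confine `SSL_OP_LEGACY_SERVER_CONNECT` to an explicit allowlist of hosts, so all other targets keep the strict default. The host name `legacy.example.test` and the helper names are hypothetical.

```javascript
// Added example: Node core only. Host names are constructed placeholders.
const https = require('node:https');
const crypto = require('node:crypto');

const LEGACY_FLAG = crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT;

// Assumption: the operator maintains this list of servers known to lack
// RFC 5746 secure renegotiation. Everything else stays on strict defaults.
const LEGACY_HOSTS = new Set(['legacy.example.test']);

// Separate agents, so a pooled socket negotiated under the relaxed policy
// is never reused for a host that should get the strict one.
const legacyAgent = new https.Agent({ keepAlive: true, secureOptions: LEGACY_FLAG });
const strictAgent = new https.Agent({ keepAlive: true });

// True when an agent's TLS options carry the legacy-connect bit.
function allowsLegacy(agent) {
  return ((agent.options.secureOptions || 0) & LEGACY_FLAG) !== 0;
}

// Pick the agent for a URL. Unknown hosts, lookalikes and trailing-dot
// variants fall through to the strict agent.
function agentFor(target) {
  const { protocol, hostname } = new URL(target);
  if (protocol !== 'https:') {
    throw new TypeError(`not an https URL: ${target}`);
  }
  return LEGACY_HOSTS.has(hostname) ? legacyAgent : strictAgent;
}

// Fetch a URL with the per-host agent; resolves with status and body.
function fetchText(target) {
  return new Promise((resolve, reject) => {
    const req = https.get(target, { agent: agentFor(target) }, (res) => {
      const chunks = [];
      res.on('data', (c) => chunks.push(c));
      res.on('end', () => resolve({
        status: res.statusCode,
        body: Buffer.concat(chunks).toString('utf8'),
      }));
    });
    req.on('error', reject);
  });
}
```

Certificate verification is unchanged by this flag; only the renegotiation-extension check is relaxed, and only for the listed hosts.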
