Gustavo - did you ever find a solution to this problem?
On Thursday, September 27, 2012 8:00:23 AM UTC-5, Gustavo Machado wrote:
>
> Fedor, if it's not SNI related, can you think of anything that might
> be causing the following code not to work? (in chrome and firefox
> it does)
>
> var https = require('https');
> var fs = require('fs');
> var crypto = require("crypto");
>
> var options = {
> SNICallback: function (hostname) {
> console.log('hostname: ' + hostname);
> return crypto.createCredentials({
> key: fs.readFileSync('default.key'),
> cert: fs.readFileSync('default.crt')
> }).context;
> }
> };
>
> https.createServer(options, function (req, res) {
> res.writeHead(200);
> res.end("hello world\n");
> }).listen(8001);
>
> Thanks,
> Gustavo
>
> On Thu, Sep 27, 2012 at 6:17 AM, Fedor Indutny <[email protected]<javascript:>
> > wrote:
>
>> This is not related to SNI at all. (I'm working at Nodejitsu).
>>
>>
>>
>>
>> On Wed, Sep 26, 2012 at 10:41 PM, Gustavo Machado
>> <[email protected]<javascript:>
>> > wrote:
>>
>>> Well... it must be one with the worst support for SNI, however if you
>>> add TLS 1.2 to the mix, everything will work perfectly:
>>> [x] SSL v2
>>> [x] SSL v3
>>> [x] TLS 1.0
>>> [x] TLS 1.1
>>> [x] TLS 1.2 <-- checked it works. unchecked it doesn't work (although
>>> it should)
>>>
>>> I have tried to access some apps hosted in nodejitsu using this config
>>> and it works (https://argentino.jit.su/) and I think they are using the
>>> http-proxy (which has the same problem). So I must be missing something (or
>>> they are not using SNI at all).
>>>
>>> Thanks,
>>> Gustavo
>>>
>>>
>>> On Wed, Sep 26, 2012 at 2:52 PM, Fedor Indutny
>>> <[email protected]<javascript:>
>>> > wrote:
>>>
>>>> I think IE is the only one browser that doesn't support SNI at all.
>>>>
>>>>
>>>>
>>>> On Wed, Sep 26, 2012 at 9:36 PM, Gustavo Machado
>>>> <[email protected]<javascript:>
>>>> > wrote:
>>>>
>>>>> Sorry, here's the code to reproduce the problem:
>>>>>
>>>>> https://gist.github.com/3789357
>>>>>
>>>>> Gus
>>>>>
>>>>> On Wed, Sep 26, 2012 at 2:30 PM, Gustavo Machado
>>>>> <[email protected]<javascript:>
>>>>> > wrote:
>>>>>
>>>>>> Hi guys,
>>>>>>
>>>>>> I have a rather strange problem when trying to use node.js with HTTPS
>>>>>> and SNI. In order to reproduce the error, you would have to open
>>>>>> internet
>>>>>> options in IE 9, and check:
>>>>>>
>>>>>> SSL v2
>>>>>> SSL v3
>>>>>> TLS 1.0
>>>>>> TLS 1.1
>>>>>> (do not check TLS 1.2)
>>>>>>
>>>>>> And verify that the SNICallback is not being called:
>>>>>>
>>>>>> SNICallback: function(hostname){
>>>>>> console.log('hostname: ' + hostname);
>>>>>> ....
>>>>>> }
>>>>>>
>>>>>> This obviously seems to be a problem with IE9 since the rest of the
>>>>>> browsers are working fine, but there's one thing that node seems to be
>>>>>> ignoring. IE9 starts the handshake with SSLv2, and node.js is not trying
>>>>>> to
>>>>>> upgrade the connection to SSLv3 (which presumably would make the SNI
>>>>>> work
>>>>>> on IE).
>>>>>>
>>>>>> Is there anyway to make node.js try to force the secure connection
>>>>>> with SSLv3? Am I missing something? Any help is much appreciated.
>>>>>>
>>>>>> Thanks,
>>>>>> Gus
>>>>>>
>>>>>> PS: I know IE 9 is less than optimal however company policies are
>>>>>> forcing this specific configuration.
>>>>>>
>>>>>
>>>>> --
>>>>> Job Board: http://jobs.nodejs.org/
>>>>> Posting guidelines:
>>>>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "nodejs" group.
>>>>> To post to this group, send email to [email protected]<javascript:>
>>>>> To unsubscribe from this group, send email to
>>>>> [email protected] <javascript:>
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/nodejs?hl=en?hl=en
>>>>>
>>>>
>>>> --
>>>> Job Board: http://jobs.nodejs.org/
>>>> Posting guidelines:
>>>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>>>> You received this message because you are subscribed to the Google
>>>> Groups "nodejs" group.
>>>> To post to this group, send email to [email protected]<javascript:>
>>>> To unsubscribe from this group, send email to
>>>> [email protected] <javascript:>
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/nodejs?hl=en?hl=en
>>>>
>>>
>>> --
>>> Job Board: http://jobs.nodejs.org/
>>> Posting guidelines:
>>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>>> You received this message because you are subscribed to the Google
>>> Groups "nodejs" group.
>>> To post to this group, send email to [email protected]<javascript:>
>>> To unsubscribe from this group, send email to
>>> [email protected] <javascript:>
>>> For more options, visit this group at
>>> http://groups.google.com/group/nodejs?hl=en?hl=en
>>>
>>
>> --
>> Job Board: http://jobs.nodejs.org/
>> Posting guidelines:
>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>> You received this message because you are subscribed to the Google
>> Groups "nodejs" group.
>> To post to this group, send email to [email protected]<javascript:>
>> To unsubscribe from this group, send email to
>> [email protected] <javascript:>
>> For more options, visit this group at
>> http://groups.google.com/group/nodejs?hl=en?hl=en
>>
>
>
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
