I am currently experiencing a known problem with OpenSSL on Ubuntu 12.04. This problem is already fixed in Debian and I’m expecting it to be fixed soon in Ubuntu too. However, in the mean time I would need a workaround.
So is it possible to disable TLS1 in Node and have something equivalent to tls1 switch:
openssl s_client -tls1 -connect evernote.com:443
Here is a simple Node.js script to replicate the problem (on Ubuntu 12.04 w/ OpenSSL 1.0.1)
var https = require('https');
https.get({
host: 'www.evernote.com',
path: '/',
port: 443
}, function (res) {
console.log('Success!');
});
Judging from the documentation and the sources (1, 2), it should be possible to pass an options object to
requestthat contains something likein order to use TLSv1 (and just that) for this particular connection.
The default is to use OpenSSL’s SSLv23_method, which means to use the highest TLS/SSL version that is possibly understood by both parties.
Although possible in OpenSSL itself, it is not possible to blacklist a particular TLS version (as in “use the highest version possible, but never this one”) in node.js as far as I can see, the necessary flags to do so are not exported in node.js itself.