12

I'm trying to get a webpage via node https.request(). Doing so results in an error getting logged by my code. Using the node request module has the same result:

problem with request: 140398870042432:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:658:

The following indicates the wrong SSL version is being used, but I cannot find a way to change the version: curl error: "sslv3 alert unexpected message". Using curl from my terminal returns a response as does hitting the URL in my browser (it is a login page). My code is below.

var request = require('request')
request.get("https://icmserver.wit.ie/balance", function(err, res, body) {
    if (err) {
        return console.log(err)
    }
    return body;
});

Does anyone have any idea what might be happening here?

Improve this question
4
  • Could you show us the exact code you're using? It'd help if we could reproduce the issue. Commented Jun 19, 2012 at 3:15
  • Thanks Len, This is my code: var request = require('request') request.get("icmserver.wit.ie/balance", function(err, res, body){ if(err){ return console.log(err) } return body; }); It keeps logging the SSL error. Commented Jun 19, 2012 at 7:01
  • I note that when I access the site in Chrome, I get: "The connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues." Possibly Node's built-in SSL doesn't support SSL 3. Commented Jun 19, 2012 at 7:06
  • I thought as much. Have spent a long time looking for a way to change nodes SSL version but have had no luck. Thanks for your help :) Commented Jun 19, 2012 at 7:50

3 Answers 3

Reset to default
16

Try to use options = { secureProtocol: 'SSLv3_method' } in the request you are making.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks SuperShalabi that worked, the request is returning data now!
Clarification: The secureProtocol option goes in a new https.Agent.
just for clarification, SSLv3 is broken, you must not use it.
12

We hit the same problem. By default, request uses the https.globalAgent. So we added the code near the top of our script.

var https = require('https');
https.globalAgent.options.secureProtocol = 'SSLv3_method';

All of a sudden everything worked.

Improve this answer

4 Comments

I wouldn't have expected this to work as I would've thought requiring https in different places would therefore not have the same globalAgent, but alas it has worked. Thanks!
I got the error SSL23_GET_SERVER_HELLO:unknown protocol and googled my finger bloody until i finally found this solution. Hopefully reindexes this so others get the information more quickly.
I don't know why this answer has more votes. It can be dangerous to set the protocol globally. If the accepted answer does not work for you, rather than setting the protocol globally, please read carefully the doc to see how to set it up: nodejs.org/api/https.html#https_https_request_options_callback
I would argue it is more dangerous to allow nodeJS to communicate using SSLv2.
0

In case website uses ECDH curve, for me the issue resolved only by adding this option:

request({ url, agentOptions: {
            ecdhCurve: 'P-521:P-384:P-256',
},(err,res,body) => {

JFYI, May be this will help someone.

Improve this answer

1 Comment

This does not look like answer, it's more of suggestion, you can comments for such solutions.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.