Daniel Eiszele

Nodejs https ciphers out of date


Connection to the Nodejs https server demo project doesn't appear to be possible in its current incarnation? The error I get back from Chrome seems to suggest that the ciphers in the SmartNJ.Server.https.pas unit are incorrect or out of date. If I update them with the values from the Nodejs documentation then it compiles and works as expected. The current values (V12/V13) are included below. Out of interest, can anyone else connect to the https demo without adjustment?

  _Common_CIPHERS = [
    'TLS_AES_256_GCM_SHA384',
    'TLS_CHACHA20_POLY1305_SHA256',
    'TLS_AES_128_GCM_SHA256',
    'ECDHE-RSA-AES128-GCM-SHA256',
    'ECDHE-ECDSA-AES128-GCM-SHA256',
    'ECDHE-RSA-AES256-GCM-SHA384',
    'ECDHE-ECDSA-AES256-GCM-SHA384',
    'DHE-RSA-AES128-GCM-SHA256',
    'ECDHE-RSA-AES128-SHA256',
    'DHE-RSA-AES128-SHA256',
    'ECDHE-RSA-AES256-SHA384',
    'DHE-RSA-AES256-SHA384',
    'ECDHE-RSA-AES256-SHA256',
    'DHE-RSA-AES256-SHA256',
    'HIGH'
  ];

  _Common_BlackList = [
    '!aNULL',
    '!eNULL',
    '!EXPORT',
    '!DES',
    '!RC4',
    '!MD5',
    '!PSK',
    '!SRP',
    '!CAMELLIA'
  ];

 

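One way to check whether a cipher list like the one posted above is usable on the Node.js version actually running, as an added example that is not part of the original post or of the SmartNJ units. The function names are hypothetical, and joining the two arrays with `:` is an assumption about how they end up in the `ciphers` option.

```javascript
const tls = require('tls');

// Values copied from the post above.
const COMMON_CIPHERS = [
  'TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256', 'TLS_AES_128_GCM_SHA256',
  'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-GCM-SHA256',
  'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES256-GCM-SHA384',
  'DHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-SHA256', 'DHE-RSA-AES128-SHA256',
  'ECDHE-RSA-AES256-SHA384', 'DHE-RSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA256',
  'DHE-RSA-AES256-SHA256', 'HIGH',
];
const COMMON_BLACKLIST = [
  '!aNULL', '!eNULL', '!EXPORT', '!DES', '!RC4', '!MD5', '!PSK', '!SRP', '!CAMELLIA',
];

// Assumption: preferences and exclusions are joined into one OpenSSL cipher
// string. A "!" entry removes its ciphers wherever it appears in the string.
function buildCipherString(ciphers, blacklist) {
  return [...ciphers, ...blacklist].join(':');
}

function auditCipherList(ciphers, blacklist) {
  // tls.getCiphers() reports the suites this runtime knows, in lower case.
  const supported = new Set(tls.getCiphers());
  // Heuristic: concrete suite names contain "-" or "_"; bare words such as
  // HIGH are OpenSSL group keywords and cannot be looked up by name.
  const isSuiteName = (entry) => /[-_]/.test(entry);
  const keywords = ciphers.filter((entry) => !isSuiteName(entry));
  const unsupported = ciphers.filter(
    (entry) => isSuiteName(entry) && !supported.has(entry.toLowerCase())
  );
  const cipherString = buildCipherString(ciphers, blacklist);
  let accepted = true;
  let error = null;
  try {
    // Throws when the string selects no usable cipher at all.
    tls.createSecureContext({ ciphers: cipherString });
  } catch (err) {
    accepted = false;
    error = err.message;
  }
  return { cipherString, keywords, unsupported, accepted, error };
}

console.log(auditCipherList(COMMON_CIPHERS, COMMON_BLACKLIST));
```

A non-empty `unsupported` array names the entries the runtime does not recognise; `accepted` only says that at least one cipher in the string could be selected.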

Edit: There are two reasons for problems:

  1. Expired (and self-signed) SSL certificate, which the browsers are warning about. You can bypass the warning and accept the self-signed certificate.
  2. There's a bug in TNJHTTPSServer.Dispatch in SmartNJ.Server.Https.pas. I fixed this very same issue in http ages ago but didn't realize that the same bug was in https as well. The correct code is below:

procedure TNJHTTPSServer.Dispatch(request: JServerRequest; response: JServerResponse);
begin
  if assigned(OnRequest) then
  begin
    var LRequest := TNJHttpRequest.Create(self,request);
    var LResponse := TNJHttpResponse.Create(self,response);
    try
      OnRequest(self, LRequest, LResponse);
    except
      on e: exception do
      begin
        Raise ENJHttpServerError.CreateFmt
        ('Dispatch failed, system threw exception %s with message [%s]',
        [e.ClassName, e.Message]);
      end;
    end;
  end;
end;

When I use this fix and accept the self-signed certificate, the demo works.

