
I am running a Node.js server developed using Express, and it is working perfectly. I am trying to secure it using the https module. I generated a self-signed certificate and key using openssl, but I am getting the error below from Firefox while trying to connect. IE is also not loading the secure page.

Secure Connection Failed

An error occurred during a connection to localhost:3001. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem.

I created the key and certificate using the commands below:

>> openssl genrsa 1024 > key.pem
>> openssl req -x509 -new -key key.pem > key-cert.pem

I am using Firefox 39.0, Node 0.12.4, Express 4.13.1 and openssl 0.9.81, working on Windows Server 2008 R2 Enterprise.

This is my code. server.js is the starting point: node server.js

server.js:

var http = require('http');
var https = require('https');
var fs = require('fs');
var app = require('./app');

var credentials = { 
    key: fs.readFileSync('./certificate/key.pem'),
    cert: fs.readFileSync('./certificate/key-cert.pem')
};

http.createServer(app).listen(3000);
https.createServer(credentials, app).listen(3001);

app.js:

var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');

var register = require('./routes/register');

var app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

// uncomment after placing your favicon in /public
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

//app.get("/", login.form);
app.get("/register", register.form);
app.post("/register", register.submit);

// catch 404 and forward to error handler
app.use(function(req, res, next) {
  var err = new Error('Not Found');
  err.status = 404;
  next(err);
});

// error handlers

// development error handler
// will print stacktrace
if (app.get('env') === 'development') {
  app.use(function(err, req, res, next) {
    res.status(err.status || 500);
    res.render('error', {
      message: err.message,
      error: err
    });
  });
}

// production error handler
// no stacktraces leaked to user
app.use(function(err, req, res, next) {
  res.status(err.status || 500);
  res.render('error', {
    message: err.message,
    error: {}
  });
});
module.exports = app;

I am trying to access the application using: https://localhost:3001/register

I am stuck on this. Please help me with a solution.

hermes101

2 Answers


I am so embarrassed. It was my own mistake while creating the certificate file. I forgot to set the OPENSSL_CONF variable to the openssl.cnf path, and the certificate file was created blank. This was causing the whole issue. We can set the variable in the command prompt for the current session or at user level in the environment variable settings.

set OPENSSL_CONF=c:/<your .cnf location>/openssl.cnf
hermes101
  • Does this apply to a `Linux` server as well? Where can we set the `environment` variable at user level in `Linux`? And did you regenerate the certificate files as well? – Nah May 05 '18 at 16:13
  • Posted my question here: https://stackoverflow.com/questions/50194109/node-js-https-configuration-error-no-common-encryption-algorithms – Nah May 05 '18 at 21:19

This was my fault for not checking if Express.js was passed the correct options dictionary in the first place.

I got a sketch of my Express.js code configured to work with HTTPS from another developer who suggested that I should test it. I started testing and got the SSL_ERROR_NO_CYPHER_OVERLAP error in Firefox. I was trying all kinds of tricks: choosing different ciphers, double-checking the certificates, and so on, but the SSL_ERROR_NO_CYPHER_OVERLAP was still the same.

It turned out that the options variable with the keys:

const options = {
  key: fs.readFileSync("somekey.key"),
  cert: fs.readFileSync("somekey.crt"),
  ciphers: "DEFAULT:!SSLv2:!RC4:!EXPORT:!LOW:!MEDIUM:!SHA1"
};

was not passed to the following line correctly:

https.createServer(options, app).listen(...

So Express.js was not using the information about key/cert at all!

Stanislav Pankevich
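
Both answers describe a server that started without a usable key/cert pair: a blank certificate file in the first, an options object that never reached `https.createServer` in the second. The preflight check below is an added example, not code from either poster; `checkTlsOptions` and its messages are hypothetical, it assumes one unencrypted PEM key and one PEM certificate, and `crypto.X509Certificate` requires Node.js 15.6 or later.

```javascript
// Added example (not from the page): preflight check for the options object
// handed to https.createServer(). Names and messages are hypothetical.
// Assumes one unencrypted PEM key and one PEM certificate (string or Buffer).
const crypto = require('crypto');

// Returns a list of problems; an empty list means key and cert look usable.
function checkTlsOptions(options) {
  if (!options || typeof options !== 'object') {
    return ['options: no object was passed, so key/cert never reach the server'];
  }
  const problems = [];
  const pem = {};
  for (const name of ['key', 'cert']) {
    const value = options[name];
    if (value === undefined || value === null) {
      problems.push(name + ': not set in options');
    } else if (value.length === 0) {
      problems.push(name + ': file is empty');
    } else if (!/-----BEGIN [A-Z0-9 ]+-----/.test(value.toString())) {
      problems.push(name + ': no PEM block found');
    } else {
      pem[name] = value;
    }
  }
  let privateKey;
  if (pem.key) {
    try {
      privateKey = crypto.createPrivateKey(pem.key);
    } catch (err) {
      problems.push('key: cannot be parsed (' + err.message + ')');
    }
  }
  if (pem.cert) {
    try {
      const x509 = new crypto.X509Certificate(pem.cert);
      if (privateKey && !x509.checkPrivateKey(privateKey)) {
        problems.push('cert: does not match the private key');
      }
    } catch (err) {
      problems.push('cert: cannot be parsed (' + err.message + ')');
    }
  }
  return problems;
}

// Constructed input reproducing the blank certificate file from the first answer.
console.log(checkTlsOptions({ key: Buffer.alloc(0), cert: Buffer.alloc(0) }));
```

Call it on the options object right before `https.createServer(options, app)` and refuse to start when the returned list is not empty.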