Issues with Node v18.13.0

apigrate / autotask-restapi

NodeJS library for the Autotask REST API.

Apache License 2.0

11 stars 8 forks source link

Issues with Node v18.13.0 #17

Closed tmidthjell closed 1 year ago

tmidthjell commented 1 year ago

I'm having issues with Node v18: FetchError: request to https://webservices.autotask.net.... failed, reason: write EPROTO DCB00000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:c:\ws\deps\openssl\openssl\ssl\statem\extensions.c:9

The issue seems to be related to Autotask API not using Secure Renegotiations in their SSL Certificate

gaumeister commented 1 year ago

I can reproduce this on node v18.13.0 also. I am looking for node environment switches to disable validation, but haven't found anything yet. Ultimately, the root cause (SSL at Autotask) should be addressed.

gaumeister commented 1 year ago

@tmidthjell please install latest @apigrate/autotask-restapi@0.6.2

I found and tested a workaround that allows SSL legacy renegotiation. Tested on all active node LTS versions (14, 16, 18).

tmidthjell commented 1 year ago

Thanks @gaumeister! I've also informed Datto Support / Sec Team about the issue. Hopefully they'll fix the potential security issue.