Closed Neizan93 closed 1 year ago
MrJithil
commented
1 year ago As you mentioned, if the error is caused by openssl dependancy update, we may need to notify the openssl team https://github.com/openssl/openssl for the patches.
In my opinion, TLS 1.2 is already in its way of deprecation line. Is it worth make changes to support them?
bnoordhuis
commented
1 year ago The OpenSSL 3 version, employed by Node 18, does not allow connections to endpoints with TLS versions lower than 1.3
I don't know how you reached this conclusion, openssl 3 supports tlsv1.2. Chances are you're doing something wrong. I'm not going to debug your angular app for you but if you have a standalone test case, no third-party dependencies, I'm happy to take a look.
bnoordhuis
commented
1 year ago No follow-up so far so I'm going to close this but LMK when you have a reproducer.
Version
v18.18.2
Platform
Microsoft Windows NT 10.0.19045.0 x64
Subsystem
Networking / HTTPS / TLS
What steps will reproduce the bug?
How often does it reproduce? Is there a required condition?
The issue reproduces every time under the given condition of using Node 18 with Angular 15 and trying to access a backend using TLS 1.2 via the proxy configuration.
What is the expected behavior? Why is that the expected behavior?
The expected behavior is that the proxy configuration should function correctly, allowing the local development environment to communicate with the backend using TLS 1.2 without any issues.
What do you see instead?
A failure in proxy configuration, preventing access to the backend due to the restriction of TLS versions lower than 1.3 in OpenSSL 3 used by Node 18.
Additional information
The issue seems to be rooted in the change of OpenSSL version used by Node.js from version 17 onwards. The OpenSSL 3 version, employed by Node 18, does not allow connections to endpoints with TLS versions lower than 1.3 as it's considered insecure. However, many backends, including ours, are currently configured with TLS 1.2, and there's no immediate plan to upgrade them to TLS 1.3. This TLS version restriction disrupts the development workflow significantly, especially when using frameworks like Angular that rely on proxy configurations for local development. A workaround or a method to override this restriction temporarily for development purposes would be greatly beneficial.