1
votes

I have a Node.js app running as a mobile service on Azure AMS. I have been using the request library to make HTTPS GET/POST API calls to an external server. Everything used to work fine until a few days ago, when the external entity decided to discontinue supporting TLS 1.0 and below.

I was wondering if someone knows of any known issues with Azure AMS blocking/failing TLS 1.1/1.2 communications with external hosts? That host uses a valid SSL certificate issued by DigiCert.

Inside my code, I have already tried a few things to explicitly tell Node.js to use TLS 1.1 / 1.2, but that didn't work.

var httpRequest = require("request"),
https = require('https');

https.globalAgent.options.secureProtocol = 'TLSv1_2_method'; // Instructing to use TLS 1.2
....


httpRequest.post('https://external-api-url.com', {
    'json': true,
    'body': params,
    'timeout': 20000,
    'jar': false,
    'headers': {
        "Arr-Disable-Session-Affinity": true
    }

}, function(err, response, body) {
    // Code to handle response.
});

Besides globalAgent, I also tried setting secureProtocol from agentOptions as well as directly from within the options object. None of the approaches worked.

Any help will be greatly appreciated.

Thank you.

1
I have never used TLS 1.2 on Node, but I have on ASP.NET WebAPI recently. What I know is this: if you want to use TLS 1.2 you need 1) Win 08R2 or later. 2) Update registry keys: under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, add TLS 1.1\Client, TLS 1.1\Server, TLS 1.2\Client, TLS 1.2\Server with keys Enabled = 0x01 and DisabledByDefault = 0x00. Maybe you can have a try. - Shaun Xu

1 Answer

2
votes

Your issue is caused by the version of NodeJS on Azure Mobile Service.

The version of NodeJS on Azure Mobile Service is v0.8.28. You can see it in the "AppSettings" section of the Azure Kudu Env page https://<your_ams_name>.scm.azure-mobile.net/Env , as in the picture below.

However, NodeJS added TLS 1.1/1.2 to the secureProtocol list in version 0.11.6, as in the picture below.

So when the external entity decided to discontinue supporting TLS 1.0, your NodeJS app stopped working.

But you can follow the NodeJS examples for the HTTPS APIs' TLS support, or the Request module's TLS/SSL Protocol API, to set options.key & options.cert to do it. Please refer to https://nodejs.org/docs/v0.8.28/api/https.html#https_https_request_options_callback and https://github.com/request/request#tlsssl-protocol.

Example:

var fs = require('fs')
    , path = require('path')
    , https = require('https')
    , certFile = path.resolve(__dirname, 'ssl/client.crt')
    , keyFile = path.resolve(__dirname, 'ssl/client.key')
    , request = require('request');

// The agent options take the PEM contents, not the file paths.
https.globalAgent.options.cert = fs.readFileSync(certFile);
https.globalAgent.options.key = fs.readFileSync(keyFile);

Best Regards.
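
A preflight check for the root cause named in this answer, added here as an example and not part of the original post: it compares the runtime's Node version against the 0.11.6 threshold quoted above and asks the runtime's TLS binding whether it accepts the TLS 1.1/1.2 method names. All function names are hypothetical, and the fallback to `crypto.createCredentials` assumes a pre-0.12 runtime such as the v0.8.28 one described.

```javascript
// Added example: TLS capability preflight for a hosted Node.js runtime.
// Written in ES5 so it also runs on very old Node versions.
var tls = require('tls');
var crypto = require('crypto');

// Threshold quoted in the answer: TLS 1.1/1.2 methods arrived in 0.11.6.
var TLS12_SINCE = [0, 11, 6];

// 'v0.8.28' -> [0, 8, 28]
function parseVersion(v) {
    var m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
    if (!m) { throw new Error('unrecognised version string: ' + v); }
    return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric, component-wise comparison (string comparison gets 0.8 vs 0.11 wrong).
function versionAtLeast(v, min) {
    var a = parseVersion(v);
    for (var i = 0; i < 3; i++) {
        if (a[i] !== min[i]) { return a[i] > min[i]; }
    }
    return true;
}

function canSelectTls12(nodeVersion) {
    return versionAtLeast(nodeVersion, TLS12_SINCE);
}

// Ask the running TLS binding whether it accepts a protocol method name.
function runtimeAccepts(method) {
    try {
        if (typeof tls.createSecureContext === 'function') {
            tls.createSecureContext({ secureProtocol: method });
        } else {
            crypto.createCredentials({ secureProtocol: method }); // older API
        }
        return true;
    } catch (e) {
        return false;
    }
}

function tlsReport() {
    return {
        node: process.version,
        openssl: process.versions.openssl,
        expectedTls12: canSelectTls12(process.version),
        tls11Accepted: runtimeAccepts('TLSv1_1_method'),
        tls12Accepted: runtimeAccepts('TLSv1_2_method')
    };
}

console.log(JSON.stringify(tlsReport()));
```

Run it in the hosting environment itself (for example from the Kudu console), since the result depends on the Node and OpenSSL builds deployed there rather than on the development machine.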