How to disable TLS 1.3 in nodejs request

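Problem description

When sending requests with the npm request package in my Electron application, I want to disable TLS 1.3 and use specific cipher suites.

I found that when I run it via "npm start", which is actually "electron ." (my function is in the main process), it sends a TLS Client Hello handshake message with the extra field "extension_supported_versions", indicating that it supports TLS 1.3, and it carries 46 cipher suites.

If it is run with "node test.js", only 18 cipher suites are sent.

In both cases the request package version is 2.88.0. I would like to know why this difference exists. It seems that Electron does something that affects the request package's cipher suite selection process.

"Electron ."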
Frame 80754: 305 bytes on wire (2440 bits), 305 bytes captured (2440 bits) on interface 0
Ethernet II, Src: IntelCor_18:36:61 (78:0c:b8:18:36:61), Dst: Tp-LinkT_9d:52:bc (bc:46:99:9d:52:bc)
Internet Protocol Version 4, Src: 192.168.1.101, Dst: 27.148.140.18
Transmission Control Protocol, Src Port: 53505, Dst Port: 443, Seq: 1, Ack: 1, Len: 251
Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 246
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 242
            Version: TLS 1.2 (0x0303)
            Random: b5e74f961551b2deda4486f6d138b97c0d12419b756cda10…
            Session ID Length: 32
            Session ID: 4e7b9be07d3d89c6e9d9ffb7bbb6fbf971b5d2912f9e8584…
            Cipher Suites Length: 36
            Cipher Suites (18 suites)
                Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 133
            Extension: server_name (len=17)
                Type: server_name (0)
                Length: 17
                Server Name Indication extension
                    Server Name list length: 15
                    Server Name Type: host_name (0)
                    Server Name length: 12
                    Server Name: api.nike.com
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
            Extension: supported_groups (len=8)
                Type: supported_groups (10)
                Length: 8
                Supported Groups List Length: 6
                Supported Groups (3 groups)
            Extension: ec_point_formats (len=2)
                Type: ec_point_formats (11)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Data (0 bytes)
            Extension: signature_algorithms (len=20)
                Type: signature_algorithms (13)
                Length: 20
                Signature Hash Algorithms Length: 18
                Signature Hash Algorithms (9 algorithms)
            Extension: key_share (len=38)
                Type: key_share (51)
                Length: 38
                Key Share extension
            Extension: psk_key_exchange_modes (len=2)
                Type: psk_key_exchange_modes (45)
                Length: 2
                PSK Key Exchange Modes Length: 1
                PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
            Extension: supported_versions (len=5)
                Type: supported_versions (43)
                Length: 5
                Supported Versions length: 4
                Supported Version: TLS 1.3 (0x0304)
                Supported Version: TLS 1.2 (0x0303)

"Node test.js"
Frame 80283: 287 bytes on wire (2296 bits), 287 bytes captured (2296 bits) on interface 0
Ethernet II, Src: IntelCor_18:36:61 (78:0c:b8:18:36:61), Dst: Tp-LinkT_9d:52:bc (bc:46:99:9d:52:bc)
Internet Protocol Version 4, Src: 192.168.1.101, Dst: 27.155.111.241
Transmission Control Protocol, Src Port: 53496, Dst Port: 443, Seq: 1, Ack: 1, Len: 233
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 228
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 224
            Version: TLS 1.2 (0x0303)
            Random: 0193f22cc60e33bca73d481c887826386fda6bd2cfb12e48…
            Session ID Length: 0
            Cipher Suites Length: 92
            Cipher Suites (46 suites)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (0xc0af)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM_8 (0xc0a3)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM (0xc09f)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xc0ae)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM_8 (0xc0a2)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM (0xc09e)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_256_CCM_8 (0xc0a1)
                Cipher Suite: TLS_RSA_WITH_AES_256_CCM (0xc09d)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_128_CCM_8 (0xc0a0)
                Cipher Suite: TLS_RSA_WITH_AES_128_CCM (0xc09c)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 91
            Extension: server_name (len=17)
                Type: server_name (0)
                Length: 17
                Server Name Indication extension
                    Server Name list length: 15
                    Server Name Type: host_name (0)
                    Server Name length: 12
                    Server Name: api.nike.com
            Extension: ec_point_formats (len=4)
                Type: ec_point_formats (11)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
            Extension: supported_groups (len=10)
                Type: supported_groups (10)
                Length: 10
                Supported Groups List Length: 8
                Supported Groups (4 groups)
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Data (0 bytes)
            Extension: encrypt_then_mac (len=0)
                Type: encrypt_then_mac (22)
                Length: 0
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            Extension: signature_algorithms (len=32)
                Type: signature_algorithms (13)
                Length: 32
                Signature Hash Algorithms Length: 30
                Signature Hash Algorithms (15 algorithms)

Tags: node.js, ssl, encryption, request, electron

Solution


You can downgrade to TLS 1.2 by specifying the method "TLSv1_2_method":

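var https = require('https');

var options = {
  hostname: 'example.com',
  port: 443,
  path: '/',
  method: 'GET',
  // Force the TLS 1.2 method so the client does not offer TLS 1.3
  secureProtocol: 'TLSv1_2_method'
};

const req = https.request(options, (res) => {
  console.log('statusCode:', res.statusCode);
  console.log('headers:', res.headers);

  res.on('data', (d) => {
    process.stdout.write(d);
  });
});

// Report handshake or network failures instead of crashing on an unhandled 'error' event
req.on('error', (e) => {
  console.error(e);
});

// https.request() does not send anything until the request is ended
req.end();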

If the server is part of your project, I would suggest fixing the server side rather than weakening your client application.
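
Added example, not part of the original answer: the question also asks for specific cipher suites, and Node's `ciphers` option takes OpenSSL names rather than the IANA names Wireshark prints. The sketch below maps a few suites from the capture, refuses TLS 1.3 suites, and returns options using `minVersion`/`maxVersion` in place of `secureProtocol`; `buildTls12Options`, `isTls13Suite` and the mapping table are hypothetical names introduced here.

```javascript
// Added example: pin a client to TLS 1.2 with an explicit cipher list,
// starting from the IANA suite names shown in the Wireshark capture.
const tls = require('node:tls');

// IANA name (as displayed in the capture) -> OpenSSL name (what Node's
// `ciphers` option expects). Only a few suites are listed; extend as needed.
const IANA_TO_OPENSSL = {
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 'ECDHE-RSA-AES128-GCM-SHA256',
  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 'ECDHE-ECDSA-AES128-GCM-SHA256',
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 'ECDHE-RSA-AES256-GCM-SHA384',
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 'ECDHE-ECDSA-AES256-GCM-SHA384',
  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 'ECDHE-RSA-CHACHA20-POLY1305',
  TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: 'ECDHE-ECDSA-CHACHA20-POLY1305',
};

// TLS 1.3 suite names carry no key-exchange part (TLS_AES_..., TLS_CHACHA20_...).
const isTls13Suite = (name) => /^TLS_(AES|CHACHA20)_/.test(name);

// Hypothetical helper: validate the requested suites and build TLS options.
function buildTls12Options(ianaNames) {
  const available = new Set(tls.getCiphers()); // lowercase OpenSSL names
  const ciphers = ianaNames.map((iana) => {
    if (isTls13Suite(iana)) throw new Error(`${iana} is a TLS 1.3 suite`);
    const openssl = IANA_TO_OPENSSL[iana];
    if (!openssl) throw new Error(`no mapping for ${iana}`);
    if (!available.has(openssl.toLowerCase())) {
      throw new Error(`${openssl} is not available in this runtime`);
    }
    return openssl;
  });
  // minVersion/maxVersion replace secureProtocol; Node rejects setting both.
  const options = {
    minVersion: 'TLSv1.2',
    maxVersion: 'TLSv1.2',
    ciphers: ciphers.join(':'),
  };
  tls.createSecureContext(options); // throws if the runtime rejects the settings
  return options;
}

// Usage with https.request (hostname is a placeholder):
//   https.request({ hostname: 'example.com', port: 443,
//                   ...buildTls12Options([...]) }, callback).end();
```

With the request package, the same object can be passed as `agentOptions`. A new capture of the Client Hello confirms the result: the `supported_versions` entry for TLS 1.3 and the `TLS_AES_*` suites should no longer be offered.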

